The OpenSSL Project has released several new versions of the software that fix eight security vulnerabilities, including several certificate issues and a couple of denial-of-service flaws. The patches included in OpenSSL 1.0.0p, 1.0.1k and 0.98zd are not for critical or high-risk vulnerabilities, but they do fix some interesting vulnerabilities. Two of the bugs are rated moderate and the other[…]
Browsing Tag: vulnerabilities
Researchers have detected a malvertising campaign running on a pair of sites owned by Huffington Post that is using ads distributed through an AOL ad network. The attack is sending victims through a series of redirects that eventually brings them to a landing page that is running an exploit kit.
A researcher has called out U.K.-based personalized greeting card vendor Moonpig for a 17-month-old vulnerability that puts customer and payment card data at risk.
The maintainers of the Openwall security-enhanced Linux distribution have released a new stable version, which includes fixes for a number of serious vulnerabilities, such as the Shellshock Bash bug and the flaw in SSLv3 that leads to the POODLE attack.
A new year begins at midnight and Threatpost highlights seven things you’re bound to contend with in 2015.
Researchers Tobias Engel and Karsten Nohl demonstrated serious vulnerabilities in the SS7 protocol for cellular service, putting the privacy of phone calls and users’ location data at risk of interception.
HP’s Zero Day Initiative has decided to adjust its guidelines and criteria for buying some vulnerabilities in the future, eliminating some large classes of bugs from its menu. The group, which has been among the more visible and prominent of the vulnerability purchasing programs since its inception several years ago, has decided that it will[…]
The wonderful and terrifying thing about the security world is that things never stay calm for long. As soon as you think you have a chance to catch your breath, someone breaks something and it’s time to scramble again. In 2014, those small moments of downtime were hard to come by.
Staples confirmed that it lost close to 1.2 million payment cards in a data breach lasting close to six months and affecting 115 locations in 35 states.
Researchers have identified a wide range of vulnerabilities in remote terminal units manufactured by Emerson Process Management that are widely used in oil and gas pipelines and other applications. The vulnerabilities include a number of hidden functions in the RTUs, an authentication bypass and hardcoded credentials. All of the vulnerabilities are remotely exploitable and an[…]