Browsing Tag: vulnerabilities

Stonesoft Claims To Find More Evasion Techniques in Security Products

Categories: Vulnerabilities

Four months after it first went public with a warning about widespread vulnerabilities in network security products, Stonesoft said it has found more than 100 new holes, and that security vendors are doing little to address the problem.

Chrome 9 Security Update

Categories: Vulnerabilities

Following last week’s release of Chrome 9 and a rather brazen $20,000 offering to anyone who can hack their browser at CanSecWest, Google released a stable channel update addressing some security flaws and containing a new version of Flash Player (10.2).

Microsoft Pushes Fix to Disable AutoRun

Categories: Malware, Vulnerabilities

As malware authors and attackers have continued to employ the Windows AutoRun functionality to help spread their malicious creations – culminating famously in the Stuxnet worm – Microsoft has been making gradual changes to help prevent these attacks. This week the company took the major step of putting an optional fix into Windows Update that will disable AutoRun.

The Joys of Running a Bug Bounty Program

Categories: Vulnerabilities

When Barracuda Networks started its bug bounty program about three months ago, company officials weren’t exactly sure what to expect. They didn’t know whether there’d be an onslaught of submissions or the sound of crickets chirping. The reality turned out to be somewhere in the middle.

Adobe Releases Huge Batch of Patches for Flash, Reader and Shockwave

Categories: Vulnerabilities

Adobe has released a massive set of patches that fix vulnerabilities in most of its more popular applications, including a number of critical bugs in Flash, Reader and Shockwave.

Microsoft Ships 12 Bulletins in February’s Patch Tuesday

Categories: Vulnerabilities

Microsoft addressed 22 flaws with 12 separate bulletins in February’s edition of Patch Tuesday, including three bulletins that were rated critical with the remaining nine rated as important. Among the programs affected are Microsoft Windows, Internet Explorer, Office, Visual Studio, and IIS.

Opera Closes Critical Security Flaw With Version 11.01

Opera has released a new version of its flagship browser, which, among other things, fixes a remotely exploitable critical vulnerability that was disclosed late last week. Opera 11.01 also includes some other stability upgrades.

2011’s First Patch Tuesday Fixes Three Windows Flaws

Categories: Vulnerabilities

Microsoft released just two bulletins in this month’s edition of Patch Tuesday. Both bulletins cover vulnerabilities in Windows, and Microsoft is recommending that users install the critical fix for the two vulnerabilities covered in MS11-02 immediately.

Ten Years Later, Rethinking Microsoft’s Vuln Ratings

Microsoft’s vulnerability Severity Rating System is closing in on its tenth birthday. While the security landscape has been transformed during that time, the ratings have endured. But do they still work? Threatpost asked prominent vulnerability researchers to give us their opinion. You may be surprised at what they had to say.

After A Decade, Time To Rethink Microsoft’s Vulnerability Ratings?

Security experts will tell you that one year is a lifetime in the world of online threats and attacks. But eight years after Microsoft introduced its innovative severity rating system for software vulnerabilities, the company says its original definitions of what makes a software hole important still apply. Security experts aren’t so sure.
