In the days and weeks following the public disclosure of the OpenSSL Heartbleed vulnerability in April, security researchers and others wondered aloud whether there were some organizations–perhaps the NSA–that had known about the bug for some time and had been using it for targeted attacks. A definitive answer to that question may never come, but[…]
Browsing Tag: vulnerabilities
A handful of bugs, mostly XSS and CSRF vulnerabilities, have been plaguing at least eight different WordPress plugins as of late.
Mozilla has released Firefox 32, the latest version of its browser, which now supports public-key pinning and also includes fixes for several critical security vulnerabilities. The move to support public-key pinning is an important one for Firefox, as it helps protect users against man-in-the-middle attacks that rely on forged certificates. The feature binds a set[…]
The 2014 IBM X-Force Threat Intelligence Quarterly takes a look back at Heartbleed and how organizations were affected by it.
Google has fixed 50 security vulnerabilities in its Chrome browser, including a critical string of bugs that can allow an attacker to execute arbitrary code outside of the browser’s sandbox. This is one of the larger batches of fixes that Google has produced for Chrome recently. The company releases frequent updates for the browser and often[…]
Tor Executive Director Andrew Lewman told the BBC that intelligence agency insiders share bug information with Tor developers under their bosses’ noses.
An iSEC Partners report examining hardening features of the Tor Browser recommends moving off Firefox to Chrome, but budget and feature constraints make that unlikely.
Siemens released an update for its SIMATIC S7-1500 CPU last week, patching a denial of service vulnerability in the programmable logic controller.
Google patched its Chrome browser this week, fixing 12 vulnerabilities including both a serious information disclosure bug and a use-after-free vulnerability that could let users obtain potentially sensitive information and execute arbitrary code.
Dennis Fisher and Mike Mimoso look back on the news from the last week in Las Vegas at Black Hat and DEF CON, including the Blackphone rooting, the Computrace research and the more upbeat mood at the conferences this year.