Research from the University of Maryland proposes new security metrics that can help enterprises understand risks to their products and prioritize patching and vulnerability management.
Browsing Tag: vulnerabilities
The deadline for a syntax change for CVE identifiers is coming on Jan. 13, when the four-digit format will be extended to support five or more digits. Vendors must update vulnerability management products to support the new syntax.
UPDATE–There are several unpatched, remotely exploitable vulnerabilities in a number of Schneider Electric’s SCADA products, one of which could be used to perform a shutdown of the SCADA server. Another of the vulnerabilities is an authentication bypass that could give an attacker access to sensitive data. The vulnerabilities affect a variety of Schneider Electric StruxureWare[…]
FreeBSD patched a vulnerability in the way the OS handles TCP packet processing that could lead to a denial-of-service attack on a server.
A relatively new exploit kit that exploits old versions of Adobe Flash, Reader, and Silverlight has begun to make the rounds.
The United States Air Force is attempting to enhance its cyber situational awareness in order to contend with “increasingly sophisticated” threats to its networks and systems.
The makers of the popular IDA disassembly and debugging tool have fixed more than a dozen security vulnerabilities in a variety of versions. Some of the vulnerabilities are a couple of years old, and patches are provided for versions from 6.1 up through 6.6. IDA is a tool used by malware analysts, security researchers and[…]
Four different remotely exploitable vulnerabilities were recently discovered and patched in a popular SCADA server.
Some older versions of Apache Tomcat, the company’s open source web server and servlet container, are vulnerable to remote code execution.
Researchers from the University of New Haven have taken to YouTube this week to publicize vulnerabilities in a dozen Android apps, including Instagram, Vine and OKCupid.