Looking to put pressure on software vendors who procrastinate on fixing security flaws, the world’s biggest broker of vulnerability data is drawing a line in the sand.Starting August 4, TippingPoint’s Zero Day Initiative (ZDI) will enforce a six-month deadline for patches on all vulnerabilities bought from the security research community and reported to software vendors.
Microsoft has rushed out and emergency patch for all supported versions of Windows to cover a gaping — and under attack — security flaw in the way shortcuts are displayed by the operating system.
LAS VEGAS — Using home-brewed software tools and exploiting a gaping security hole in the authentication mechanism used to update the firmware on automated teller machines (ATMs), a security researcher hacked into ATMs made by Triton and Tranax and planted a rootkit that dispensed cash on demand.
LAS VEGAS — Microsoft today released a new tool to help IT administrators backport anti-exploit mitigations like ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) to older versions of Windows.
LAS VEGAS — Adobe’s push to beef up its security posture took another leap forward here with the announcement of plans to start sharing details on software vulnerabilities with security vendors ahead of time to help reduce the window of exposure to hacker attacks.
A prominent security researcher is urging users of Apple’s Safari browser to immediately turn off the AutoFill feature to block hackers from stealing sensitive information.
According to Jeremiah Grossman, founder and Chief Technology Officer of WhiteHat Security, the AutoFill Web Forms feature can be hacked to steal data from the computer’s address book.
Cisco has shipped a critical bulletin to warn about a serious security hole in the Cisco Internet Streamer application, which is part of the Cisco Content Delivery System. In an advisory, Cisco warned that exploitation of this vulnerability may allow a remote, unauthenticated attacker to obtain sensitive information, including password files and system logs.
Dell has confirmed that some of its PowerEdge server motherboards were shipped to customers with malware code on the embedded server management firmware.The infected motherboard was found on replacement Dell PowerEdge R410 rack servers, according to a post on a Dell support forum.
Mozilla has shipped a mega patch for Firefox to fix a total of 16 security flaws that expose Web surfers to drive-by download, data theft and local bar spoofing attacks.The latest Firefox 3.6.7 update includes fixes for nine “critical” issues that could be exploited to launch remote code execution attacks. Two of the 16 bugs are rated “high risk” while five carry a “moderate” severity rating.
The next major version of Adobe’s PDF Reader will feature new sandboxing technology aimed at curbing a surge in malicious hacker attacks against the widely deployed software.The security feature, called “Protected Mode,” is similar to the Google Chrome sandbox and Microsoft Office 2010 Protected Viewing Mode, according to Adobe’s security chief Brad Arkin.
Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.
Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.
