Vulnerabilities in Stagefright, which processes media formats in Android, put 950 million devices at risk to remote attacks.
Officials at the United States Census Bureau say that the attackers who compromised one of the bureau’s databases last week did not get access to any confidential information, but only data such as names and phone numbers of organizations that submit information to the Federal Audit Clearinghouse. The data breach appears to have hit only[…]
The commenting period regarding the Wassenaar Arrangement expired on Monday but the echo chamber around the largely maligned proposal continues to reverberate.
A few days after issuing a patch and reassuring owners that the attack that shut down the transmission and other systems remotely on a Jeep was not a huge risk, Fiat Chrysler has decided to recall nearly 1.5 million vehicles as a result of the bug exposed in the research. The recall is the result of[…]
Chaouki Bekrar, the founder of VUPEN, has announced a new zero-day acquisition firm Zerodium.
There are several critical vulnerabilities in a middleware layer used in Drupal, including both cross-site scripting and cross-site request forgery bugs, that can be exploited remotely. The vulnerabilities are in the Open Semantic Framework, which is a third-party project and not part of the Drupal Core. The framework is used to allow “structured data (RDF)[…]
WordPress rolled out a new version of its content management system this morning that addresses a nasty cross-site scripting (XSS) vulnerability that could ultimately lead to site compromise.
Dennis Fisher talks with Chris Valasek of IOActive about the new research he did with Charlie Miller on remotely hacking a Jeep, how the disclosure process worked, what auto makers can do to secure their vehicles’ on-board systems, and how much of a threat these attacks pose to drivers.
UPDATE–As if all of the vulnerabilities in Flash and Windows discovered in the Hacking Team document cache and the 193 bugs Oracle fixed last week weren’t enough for organizations to deal with, HP’s Zero Day Initiative has released four new zero days in Internet Explorer Mobile that can lead to remote code execution on Windows Phones.[…]
Some strains of Bartalex malware, a macro-based malware that first surfaced earlier this year, are dropping Pony malware and the Dyre banking Trojan.