Two researchers took down the four major browsers, Internet Explorer, Firefox, Chrome, and Safari yesterday as Pwn2Own wrapped up in Vancouver.
Yoast addressed a cross-site scripting vulnerability in its Google Analytics WordPress plugin that allows a hacker to store code in the WordPress administrator dashboard that executes upon viewing.
Four different research teams cracked four different products on Wednesday–Adobe Flash, Reader, Mozilla Firefox, and Microsoft Internet Explorer—and collectively earned a payout of $317,000 on the first day of Pwn2Own 2015.
The anticipated high severity patch in OpenSSL is for a denial-of-service vulnerability in the recently released version 1.0.2 that can crash a client or server with a malformed certificate.
Researchers are expected to present at CanSecWest a BIOS rootkit that automates BIOS vulnerability discovery and implants persistent malware.
Hackers wriggled their way into the servers of health insurance provider Premera Blue Cross last year, and potentially exposed the information of 11 million members, employees and other associates.
Apple released new versions of Safari that patch a number of WebKit vulnerabilities.
FireEye scanned iOS and Android apps downloaded billions of times in aggregate and determined that, despite the availability of patches, because the apps still connect to vulnerable HTTPS servers, they’re subject to FREAK attacks.
Pinterest announced this week that it would begin paying cash rewards through its bug bounty program, and said that its move to HTTPS paved the way.
Researchers from Royal Holloway University in London published a paper demonstrating inexpensive ways to crack the 512-bit export-grade RSA keys vulnerable to the FREAK attack.