The dangerous Angler exploit kit has a new piece of ammunition to use in its attacks: a fresh Adobe Flash zero-day vulnerability.
A researcher has developed a bypass for Microsoft’s latest memory corruption mitigations in Internet Explorer, Heap Isolation and Delay Free.
Two flaws in Schneider Electric’s ETG3000 FactoryCast HMI Gateway allow unauthenticated remote access to the device’s FTP server and configuration file.
Oracle’s January 2015 Critical Patch update includes a fix for a backdoor found in the Oracle E-Business Suite by researcher David Litchfield. The patch is among 169 released in the CPU.
Researchers have peeled back more layers on Vawtrak, a relatively new banking Trojan so complex that those who have taken it apart have likened it to a Matryoshka, or Russian nesting doll.
Ubuntu has released a number of patches for security vulnerabilities in several versions of the OS, including some remote code execution flaws in Thunderbird, which is included with Ubuntu. Thunderbird is Mozilla’s email client, and the company recently fixed several memory corruption vulnerabilities, along with a cross-site request forgery bug and a flaw that could lead to[…]
Researchers describe an attack leverage Siri on jailbroken iOS devices to steal secrets such as credit card numbers or passwords.
Oracle on Tuesday will release a huge number of security fixes as part of its quarterly critical patch update, and one of them is a patch for a vulnerability that a well-known security researcher said looks a lot like a back door but was likely just a terrible mistake. The flaw is found in Oracle’s[…]
A cross site request forgery vulnerability in GoDaddy domain settings has been patched two days after it was reported to the domain registrar.
The Cisco 2015 Annual Security report shows that CISOs and other security personnel are confident about their strategies despite that they are not patching.