The Federal Aviation Administration needs to upgrade and update its information security capabilities–including building a threat-modeling capability and implementing federal security guidelines–in order to ensure the safety of the nation’s aviation infrastructure, according to a new report by the General Accounting Office. The report is the result of a review of the FAA’s security practices[…]
SearchBlox, a provider of enterprise search technology, has patched several serious vulnerabilities in its flagship product, including cross-site scripting, cross-site request forgery and other issues. The company, which sells a variety of enterprise search products, has released version 8.2 of the main SearchBlox product to address the vulnerabilities, which were report to the CERT/CC at[…]
Researchers at Bishop Fox disclose details on a patched authentication vulnerability in the AirDroid web application that could give attackers remote control over Android devices.
Apple recently fixed a cookie vulnerability that existed in all versions of Safari – iOS, OS X, and Windows – that may have affected 1 billion devices.
Microsoft and Adobe released security bulletins addressing critical vulnerabilities in their respective products.
Dell released its annual threat report yesterday, ringing the alarm bells on point-of-sale and industrial control system attack in 2014 and beyond.
Google has released Chrome 42, a major security upgrade to the browser that includes patches for 45 vulnerabilities. The latest version of Chrome carries with it fixes for a number of high-severity bugs, including a cross-origin bypass in the HTML parser. That vulnerability earned an anonymous security researcher a reward of $7,500 from Google. In all,[…]
Data breaches are expensive to victim organizations, but that cost is going down, according to Verizon, which today released its annual Data Breach Investigations Report.
It’s an interesting time for certificate authorities. On the one hand, interest has never been higher in Web encryption, privacy and transport security, thanks to Edward Snowden. But on the other hand, the last few years has seen a steady stream of compromises of CAs, mis-issued certificates and other problems. CAs hold the security and[…]
The US-CERT is warning administrators and network operators that a misconfiguration issue with some DNS servers that has been known about for more than 15 years and can give attackers detailed information about DNS zones is coming back around thanks to new scans that show a high number of servers vulnerable to the issue. The problem[…]