Cisco has released patches for three vulnerabilities in its Secure Access Control System, including two flaws that could enable a remote attacker to take complete control of an affected system.
Twitter has begun enforcing HTTPS connections between applications and its API.
Among the 144 patches released as part of Oracle’s quarterly Critical Patch Update were 36 patches for Java, a prominent reminder the Java security house is still not in order.
Bug bounty programs, for the most part, have been the domain of large software vendors and Web companies such as Google, Mozilla, Microsoft, PayPal and Facebook. But some smaller companies are now getting involved, with the latest one to announce a bounty being Wickr, the maker of secure messaging apps for Android and iOS, and[...]
In a mostly friendly and non-confrontational hearing on Tuesday, members of the Senate Judiciary Committee spent a couple of hours talking to members of the White House-appointed NSA review board about the extent of the agency’s surveillance and the panel’s recommendations for reform.
Adobe patched five critical vulnerabilities in its Flash, Reader, and Acrobat Players that could give attackers the ability to cause crashes and wrest control of affected machines.
Microsoft released four security bulletins today as part of its January 2014 Patch Tuesday updates. All of the bulletins are rated important, including a patch for a zero day in Windows XP.
Google has fixed five vulnerabilities in its Chrome browser and also has activated a feature that will block malicious file downloads automatically. The change is a major security upgrade for Chrome and will help prevent users from unwittingly downloading harmful files, an attack vector that attackers count on for the success of drive-by downloads and other attacks.
US-CERT issued an alert warning of the recent rash of Network Time Protocol (NTP) amplification attacks. NTP attacks have been blamed for recent DDoS attacks against popular online gaming sites.
Dennis Fisher talks with Rich Mogull of Securosis about the Target data breach, how the attack may have worked, why these breaches are still so common and what can be done to improve the situation.