A new version of Adobe Shockwave Player patches two memory corruption vulnerabilities that could lead to remote code execution.
There was a cross-site scripting vulnerability in an eBay domain that could have allowed an attacker to steal users’ session cookies and take over their accounts. The company has removed the vulnerable page, according to the researcher who discovered the bug and disclosed it to eBay, Aditya Sood. The vulnerability existed on an eBay subdomain,[…]
After more than a year of legal wrangling, the federal government has agreed to hand over its policy on vulnerability use and disclosure. The government had said that the policy was classified and too sensitive to release, but relented late last week and sent the document to the EFF, albeit a heavily redacted version. Known as[…]
Officials at Mozilla discovered that an attacker was able to compromise a Bugzilla user’s account by using a password taken from a data breach on a separate site.
The Department of Justice has established a new policy that requires federal law enforcement agents–and state and local agencies working with the department–to obtain search warrants in order to use Stingray devices.
Dennis Fisher and Mike Mimoso talk about the potential US sanctions against China over cyberespionage, the browser vendors dumping RC4, the trouble at Mobile Pwn2Own and more security news of the week.
HP, a longtime sponsor of the Pwn2Own hacking contests, has decided it will not participate in November’s Mobile Pwn2Own event in Japan because of concerns over the country’s implementation of the Wassenaar Arrangement rules.
Cisco has patched a remote file-overwrite vulnerability in a couple of its products that could allow an attacker to replace arbitrary files and cause target systems to become unstable.
A new strain of Android ransomware disguised as a video player app uses an instant messaging protocol called XMPP to receive commands and communicate with the command and control server.
Dennis Fisher talks with Window Snyder of Fastly about her early interest in technology, what it was like meeting the L0pht crew at the MIT Flea as a teenager, her time at @stake, working on XP SP2 at Microsoft, Apple’s security evolution and much more.