Browsing Category: Vulnerabilities

There are several critical vulnerabilities in a middleware layer used in Drupal, including both cross-site scripting and cross-site request forgery bugs, that can be exploited remotely. The vulnerabilities are in the Open Semantic Framework, which is a third-party project and not part of the Drupal Core. The framework is used to allow “structured data (RDF)[…]

Read more...

Dennis Fisher talks with Chris Valasek of IOActive about the new research he did with Charlie Miller on remotely hacking a Jeep, how the disclosure process worked, what auto makers can do to secure their vehicles’ on-board systems, and how much of a threat these attacks pose to drivers.

Read more...

UPDATE–As if all of the vulnerabilities in Flash and Windows discovered in the Hacking Team document cache and the 193 bugs Oracle fixed last week weren’t enough for organizations to deal with, HP’s Zero Day Initiative has released four new zero days in Internet Explorer Mobile that can lead to remote code execution on Windows Phones.[…]

Read more...

Car hacking is a relatively new phenomenon, but it is evolving at a frighteningly quick pace. While just a year or two ago security researchers were still trying to work out exactly how the internal electronics and communications gear in vehicles works, now a pair of researchers has discovered a method to compromise some Chrysler vehicles remotely[…]

Read more...

As the clock winds down on the comment period for the United States government’s proposed implementation of the Wassenaar Arrangement export controls for intrusion software, Google officials say that the rules would have a “significant negative impact” on security research. The Department of Commerce’s Bureau of Industry and Security has proposed a set of regulations[…]

Read more...