Details on WordPress Zero Day Disclosed
A Finnish researcher has disclosed details on an unpatched stored cross-site scripting vulnerability in the WordPress core engine.
Vulnerabilities
Second Crypto Bug in Networking Library Could Affect 25,000 Apps
A few weeks after the developers of the AFNetworking library that’s popular among iOS and OS X app developers patched a serious bug in the library that enabled man-in-the-middle attacks, another, similar flaw has surfaced. The new vulnerability is related to how the AFNetworking library handles domain name validation for certificates. As it turns out, the library […]
Siemens Patches Ghost Flaw in Simatic Product
Siemens has released an update for some of its ICS products that are affected but the glibc Ghost vulnerability that was disclosed in January. The vulnerability affected both the Siemens Sinumerik and Simatic HMI Basic applications, which are used in a variety of industrial situations. “The affected products, SINUMERIK, SIMATIC HMI Basic, and Ruggedcom, are used as an […]
The high-profile DDoS attack against GitHub that went on for several days last month was the end result of an operation that included several phases and extensive testing and optimization by the attackers. Researchers at Google analyzed the attack traffic over several weeks and found that the attackers used both Javascript replacement and HTML injections. […]
Enterprises can use existing networking tools to put up internal barriers against hackers in order to frustrate them on to other targets.
SAN FRANCISCO–For years, Apple has enjoyed a pretty good reputation among users for the security of its products. That halo has been enhanced by the addition of new security features such as Gatekeeper and XProtect to OS X recently, but one researcher said that all of those protections are simple to bypass and gaining persistence […]
Researchers stumbled upon a vulnerability recently that can force any iPhone or iPad into a perpetual reboot loop.
Microsoft announced a two-month bug bounty for its new Project Spartan browser.
CERT researcher Will Dormann presented an update on his research looking at Android apps that fail to validate SSL; Google meanwhile, says it will get stricter with enforcement.
SAN FRANCISCO–One of the downsides to being a software company with a huge customer base is that your products are going to be prime targets for attackers. But the flip side to that coin is that you’re going to gather a lot of data about vulnerabilities and attacks. Microsoft has been collecting that data for […]
