Vulnerabilities

Facebook Bug Bounty Submissions Climb in 2014

Facebook released final numbers on 2014 submissions and payouts from its bug bounty program, showing continued growth in both areas.

More than 1 Million WordPress Sites Open to SQL Injection Attacks

More than one million different WordPress sites may be vulnerable to a critical plugin issue that could lead to SQL injections and in turn, total site takeover.

Google Pwnium Program Now Open All Year

Google is expanding its successful Pwnium vulnerability reward program–which has run at various security conferences for a couple of years now–to run continuously and offer an unlimited pool of financial rewards. Pwnium originally was established as an alternative to the Pwn2Own hacking contest at CanSecWest every spring. The Pwn2Own contest has been the origin of […]

PrivDog Poses Bigger Risk Than Superfish

by Michael Mimoso

February 24, 2015

Software called PrivDog has been unearthed with a similar Superfish-type vulnerability that breaks SSL connections.

Mike Mimoso on SAS 2015

by Dennis Fisher

February 23, 2015

Dennis Fisher and Mike Mimoso discuss their takeaways from the SAS 2015 conference, including the Equation Group APT analysis, hacking car washes, indexing the dark web and hacking home appliances.

Katie Moussouris on Starting a Bug Bounty Program

by Chris Brook

February 23, 2015

In this video from last week’s Security Analyst Summit, HackerOne’s Katie Moussouris explains the main thing companies that want to start a bounty program or vulnerability incentive program need to know: There is no one size fits all.

Trey Ford on Mapping the Internet with Project Sonar

by Dennis Fisher

February 20, 2015

Trey Ford from Project Sonar describes the group’s initiative at Kaspersky’s Security Analyst Summit. The Rapid 7 service scans public-facing networks for apps, software, and hardware, then analyzes that cache of information to gain insight to trends and common vulnerabilities.

Lenovo Superfish Certificate Password Cracked

by Michael Mimoso

February 19, 2015

Researcher Rob Graham has cracked the certificate password for Superfish adware pre-installed on Lenovo laptops.

‘Yes, Your Car Wash Is On Facebook’

by Dennis Fisher

February 19, 2015

Looking in one of the more obscure corners of the web, Billy Rios discovered how to hack automated car wash equipment.

Tracking Malware That Uses DNS for Exfiltration

by Chris Brook

February 17, 2015

Attackers have long used distributed denial of service attacks to knock domain-name servers offline but over the last several months malware creators have taken to using DNS requests to tunnel stolen data.

Vulnerabilities

Facebook Bug Bounty Submissions Climb in 2014

More than 1 Million WordPress Sites Open to SQL Injection Attacks

Google Pwnium Program Now Open All Year

PrivDog Poses Bigger Risk Than Superfish

Mike Mimoso on SAS 2015

Katie Moussouris on Starting a Bug Bounty Program

Trey Ford on Mapping the Internet with Project Sonar

Lenovo Superfish Certificate Password Cracked

‘Yes, Your Car Wash Is On Facebook’

Tracking Malware That Uses DNS for Exfiltration

InfoSec Insider

Securing Your Move to the Hybrid Cloud

Why Physical Security Maintenance Should Never Be an Afterthought

Conti’s Reign of Chaos: Costa Rica in the Crosshairs

How War Impacts Cyber Insurance

Rethinking Vulnerability Management in a Heightened Threat Landscape

Topics

Authors

Threatpost

Vulnerabilities

InfoSec Insider

Topics

Authors

Threatpost

Infosec Insider Post

Sponsored Content