In this Threatpost Op-Ed, Katie Moussouris explains the significance of the newly free availability of ISO Standard 29147 Vulnerability disclosure, and why it keeps an important dialogue open between hackers and industry.
The Zero Day Initiative has publicly disclosed a pair of serious vulnerabilities in Apple QuickTime for Windows that will not be patched because Apple is deprecating the product.
Mike Mimoso talks to Katie Moussouris about her newly launched consultancy Luta Security, the Hack the Pentagon bug bounty program, and more.
“Double-headed beast” Trojan, GozNym, drains $4 million from banks in past two weeks.
Google updated Chrome to version 50.0.2662.75, patching 20 vulnerabilities, including two high-severity bugs that qualified for rewards.
Current versions of IBM SDK 7 and SDK 8 remain vulnerable to a 2013 Java vulnerability. Security Explorations discovered the original patch is broken and disclosed details on the flaw and a proof-of-concept exploit.
CBS recently fixed a vulnerability in its popular Sports application that could have exposed users to man-in-the-middle attacks and inadvertently leaked personal data.
Microsoft released six critical vulnerabilities in addition to patching the much-hyped Badlock vulnerability.
The much-anticipated Badlock vulnerability wasn’t in the SMB protocol after all, but in SAM and LSAD, and it exposed Windows machines to privilege escalation.
Atmos banking malware has perilous pedigree that includes Citadel and ZeuS.