Vulnerabilities

Adobe released updates for both its Flash Player and AIR software yesterday, patching four critical vulnerabilities, including one that was exposed at last month’s Pwn2Own hacking competition.

The list of products and sites affected by the OpenSSL heartbleed vulnerability continues to grow, and as security teams implement the patch and dig into the thornier work of revoking certificates, a new problem is emerging: It’s difficult to know whether an attacker has exploited the vulnerability on a given system.

Etsy security engineer Kenneth Lee told Source Boston attendees about the online marketplace’s application security program, in particular its use of Feature Flags.

The BEAST attack on some TLS implementations made major news when it was disclosed, showing that attackers could intercept and decrypt SSL-protected sessions in real time, breaking a significant portion of the confidentiality model of the protocol. Vendors rushed to patch and implement mitigations. That was in 2011. Nearly three years later, Siemens is pushing […]

As expected, Microsoft issued its final epitaph for Windows XP today, pushing out four security bulletins for 11 vulnerabilities, including the last updates it will address in the oft maligned, thirteen-year-old operating system.

Dow Jones head of cyber risk Justine Aitel stressed the importance of softer skills in the maturity of the security industry.

Google has patched a long list of serious security vulnerabilities in Chrome, including at least 19 highly rated flaws. The company patched a total of 31 vulnerabilities in Chrome 34 and paid out more than $28,000 in rewards to researchers who reported bugs to Google. Among the security fixes in Chrome 34 are patches for […]