The Linux Foundation’s Core Infrastructure Initiative announced it was releasing to open source data from the Census Project, which uses metrics identify under-resourced open source projects at risk.
Browsing Category: Vulnerabilities
Security researchers and software vendors have spent decades trying to work out the process of vulnerability disclosure, with limited success. Now the federal government is joining the fray in hopes of getting the two sides to play nice. The National Telecommunications and Information Administration, a unit of the Department of Commerce, is launching what it[…]
Security company Volexity said that the Wekby APT group, allegedly responsible for hitting Community Health Systems last year, is using the Hacking Team Flash Player zero-day exploit.
A high-severity bug in OpenSSL was disclosed today, and it affects only organizations that installed an update released in June, and allows anyone with an untrusted TLS certificate to become a CA.
There’s a severe vulnerability in the way that all versions of Android handle the restoration of backups that can allow an attacker to inject a malicious APK file into the backup archive.
Mozilla has rolled out a new version of its Firefox browser, an update that includes patches for four critical security vulnerabilities and several less-severe bugs.
Three exploit kits–Angler, Nuclear Pack and Neutrino–have already weaponized the Adobe Flash Player zero day found among the data stolen from Hacking Team.
Adobe is expected tomorrow to patch a Flash zero day vulnerability uncovered among the data stolen in the Hacking Team breach.
Developers at Node.js over the weekend released a critical update to the runtime environment that addresses a bug that could be used to cause denial of service attacks.
Thirteen cryptography leaders and pioneers published a paper warning of the economic and social pitfalls associated with the government’s desire for “exceptional access” to cryptographic keys.