Exploit vendor Zerodium will host a month-long million-dollar bug bounty focused on Apple iOS 9.
As expected, Google formally announced its intent to move away from the stream cipher RC4 and the protocol SSLv3 this week, citing a long history of weaknesses in both.
Private keys used to sign D-Link software were included in open-source firmware published by the company.
Bugzilla users should upgrade to current versions after a privilege escalation vulnerability was reported and patched.
Schneider Electric has published new firmware for its StruxureWare Building Expert building automation system that patches a remotely exploitable vulnerability.
Google recently patched a lockscreen bypass in its Android-based Nexus phones that was discovered and reported by the University of Texas Information Security Office.
WordPress upgraded to 4.3.1, patching a pair of vulnerabilities in the core engine, including a cross-site scripting issue enabled by a vulnerability in shortcodes.
Cisco routers are built into the fabric of the Internet and enterprise networks, a fact that makes them highly attractive targets for attackers. Researchers at FireEye have come across attacks recently in which hackers have been modifying the firmware of Cisco routers and using that foothold to maintain persistence on the victim’s network. Such a technique[…]
Researchers with a DARPA-led team are looking into new ways to combat reverse engineering by using obfuscation to tidy up shoddy commercial and government security.
The maintainers of Debian have released new packages to fix several vulnerabilities, including a number of bugs in PHP and an unspecified flaw in Oracle’s VirtualBox application. Among the patches is one for the VirtualBox bug, which is difficult to describe, because Oracle no longer publishes any security information on VirtualBox. “This update fixes an unspecified[…]