Mitre Corporation will introduce a pilot program for classifying CVEs in response to critics who contend the agency is failing to keep pace with a massive influx of CVE number requests.
Browsing Category: Vulnerabilities
Thousands of serial servers connected to the internet aren’t password protected and lack encryption, leaving any data that transfers between them and devices they’re connected to open to snooping, experts warn.
Hackers took down Apple Safari and Adobe Flash earning $282,500 in prizes on Wednesday, the first day of the annual Pwn2Own hacking challenge in Vancouver.
New malware called AceDeceiver targets iOS devices in China and enables man-in-the-middle attacks that enable hackers to silently drop apps on infected devices.
VMware patched two cross-site scripting vulnerabilities in its products this week that if exploited, could lead to the compromise of a user’s client workstation.
Malvertisers tricked ad networks to run ads which link to Angler EK on major websites such as Answers.com.
Last week’s OpenSSH security update warrants a close look for users who re-enable X11Forwarding in OpenSSH.
OpenSSH patched a vulnerability that affects all versions of OpenSSH prior to 7.2p2 with X11Forwarding enabled, and could expose files to theft and manipulation.
A patch for a critical 2013 Java vulnerability is incomplete, and exposes Java servers and clients to a sandbox bypass, researchers at Security Explorations of Poland said.
Mike Mimoso and Chris Brook discuss the week in news, including how Amazon is backtracking on encryption when it comes to their devices, a new set of alleged passcode bypasses for iOS, and the new OS X ransomware KeRanger.