Web Security

Open source VPN software providers OpenVPN released an update Monday that patches a critical denial-of-service vulnerability.

IBM has fixed a serious vulnerability in its Endpoint Manager product that could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. The vulnerability lies in the Endpoint Manager for Mobile Devices component of the product and the researchers who discovered it said the bug could be used to compromise not […]

A prominent security researcher has put together a new database of hundreds of thousands of known-good files from ICS and SCADA software vendors in an effort to help users and other researchers identify legitimate files and home in on potentially malicious ones. The database, known as WhiteScope, comprises nearly 350,000 files, including executables and DLLs, […]

Details and exploit code for a vulnerability in Adobe Reader have surfaced and the bug can be used to break out of the Reader sandbox and execute arbitrary code. The bug was discovered earlier this year by a member of Google’s Project Zero and reported to Adobe, which made a change to Reader that made it […]

Google released a new Devices and Activity Dashboard, along with a new security wizard for Google for Work accounts.

The massive Home Depot data breach disclosed earlier this fall involved the theft of 56 million credit and debit card numbers, and now the company has revealed that the incident so far has cost it $43 million. The costs are the result of both the investigation into the data breach as well as the recovery […]

Sony Pictures Entertainment is still in the process of trying to recover from an apparent compromise of some of the company’s computer systems. The attack first came to light on Monday, and the extent of the incident is still emerging. The compromise appears to affect just the networks at SPE, a division of Sony. Reports […]