Developers with the service Pocket recently fixed some vulnerabilities that could have allowed users to exfiltrate data, including sensitive information regarding web services, internal IP addresses, and more.
Browsing Category: Web Security
Italian researcher Luca Todesco explains how exploiting two vulnerabilities in OS X gain enable root access for a hacker. He won’t, however, say why he went public with details and exploit code before Apple patched.
Microsoft released an out-of-band patch for an Internet Explorer vulnerability under attack.
The Core Infrastructure Initiative, which has funded OpenSSL among other open source security projects, announced a badge program that evaluates secure development best practices.
Adobe pushed out a hotfix for LiveCycle Data Services patching an XXE vulnerability in BlazeDS.
Level 3 Communications has discovered a new type of reflection DDoS attack that takes advantage of RPC Portmapper to overwhelm networking services.
Vulnerabilities in Schneider Electric SCADA gear remain unpatched close to two weeks after they were disclosed during DEF CON.
Researchers warn several BitTorrent protocols can be leveraged to carry out distributed reflective denial of service (DRoS) attacks.
Published reports say that AT&T was the National Security Agency’s primary telecommunications partner and facilitated much of its surveillance efforts around telephone and Internet traffic collection.
Apple released hordes of patches for OS X, iOS, Safari and iOS Server, including fixes for the DYLD vulnerability disclosed in July.