A Flash vulnerability that Adobe patched four years ago actually remains exploitable according to a presentation given by a pair of researchers at the TROOPERS security conference.
Browsing Category: Web Security
Cisco is warning customers about several vulnerabilities in some of its IP phones that can allow an attacker to listen in on users’ conversations. The bug affects the Cisco SPA 300 and 500 Series IP phones. Cisco had confirmed the vulnerabilities, which were discovered by Chris Watts, a researcher at Tech Analysis in Australia, and is[…]
Proofpoint discovered that a recent spate of phishing messages contained macros-based attacks that did not execute until the malicious document was closed.
Two researchers took down the four major browsers, Internet Explorer, Firefox, Chrome, and Safari yesterday as Pwn2Own wrapped up in Vancouver.
Yoast addressed a cross-site scripting vulnerability in its Google Analytics WordPress plugin that allows a hacker to store code in the WordPress administrator dashboard that executes upon viewing.
Four different research teams cracked four different products on Wednesday–Adobe Flash, Reader, Mozilla Firefox, and Microsoft Internet Explorer—and collectively earned a payout of $317,000 on the first day of Pwn2Own 2015.
The anticipated high severity patch in OpenSSL is for a denial-of-service vulnerability in the recently released version 1.0.2 that can crash a client or server with a malformed certificate.
Apple released new versions of Safari that patch a number of WebKit vulnerabilities.
Pinterest announced this week that it would begin paying cash rewards through its bug bounty program, and said that its move to HTTPS paved the way.
Researcher Patrick Wardle of Synack is expected this week at CanSecWest to unveil malicious dylib attacks against Apple’s Mac OS X.