Researchers have identified a serious vulnerability in some versions of Oracle’s MySQL database product that allows an attacker to strip SSL/TLS connections of their security wrapping transparently. The vulnerability is the result of the way that an option in MySQL handles requests for secure connections. Researchers at Duo Security discovered the bug after noticing some[…]
Browsing Tag: vulnerabilities
The manufacturer of a popular projector found primarily in classrooms is neglecting to address several authentication bugs that exist in the device that could open it up to hacks.
Siemens has released an update for some of its ICS products that are affected by the glibc Ghost vulnerability that was disclosed in January. The vulnerability affected both the Siemens Sinumerik and Simatic HMI Basic applications, which are used in a variety of industrial situations. “The affected products, SINUMERIK, SIMATIC HMI Basic, and Ruggedcom, are used as an[…]
Researchers stumbled upon a vulnerability recently that can force any iPhone or iPad into a perpetual reboot loop.
SAN FRANCISCO–The more things change, the more they stay the same. Thirty years ago, Adi Shamir, one of the inventors of the RSA algorithm, was asked to do a keynote speech at a conference and spoke about his laws of computer security. They were a set of principles that he developed over the years relating[…]
SAN FRANCISCO–One of the downsides to being a software company with a huge customer base is that your products are going to be prime targets for attackers. But the flip side to that coin is that you’re going to gather a lot of data about vulnerabilities and attacks. Microsoft has been collecting that data for[…]
A nasty remote code execution vulnerability was recently patched in Magento, eBay’s eCommerce platform.
Dropbox has become the latest high-profile Internet firm to start a bug bounty program, hooking up with HackerOne to provide rewards to security researchers who report vulnerabilities through the program. The new reward system from Dropbox covers a variety of the company’s offerings, including the Dropbox and Carousel iOS and Android applications; the Dropbox and Carousel[…]
Oracle’s regularly scheduled Critical Patch Update fixed 98 issues across a handful of products,
SearchBlox, a provider of enterprise search technology, has patched several serious vulnerabilities in its flagship product, including cross-site scripting, cross-site request forgery and other issues. The company, which sells a variety of enterprise search products, has released version 8.2 of the main SearchBlox product to address the vulnerabilities, which were reported to the CERT/CC at[…]