UPDATE–A security researcher has identified a pair of security issues in Facebook, one of which can be used to to upload an arbitrary file to the site, and the other of which can allow an attacker to gain control of a victim’s machine under some limited circumstances with user interaction. The more serious of the vulnerabilities, which[…]
Browsing Tag: vulnerabilities
Apple has patched the FREAK SSL vulnerability, along with a nasty bug that could’ve allowed a remote attacker to restart a user’s iPhone via SMS, with the release of iOS 8.2. The new version of Apple’s mobile operating system contains a number of vulnerability fixes, with the FREAK patch being the most prominent among them.[…]
NCC Group Cryptography Services announced it will shortly begin an audit of OpenSSL.
Software, from web apps, to operating systems to firmware, has been abused and exploited every which way from Sunday for decades by both researchers and attackers. Now, it is hardware’s turn in the spotlight, as researchers have published details of a new method for exploiting a problem with some DRAM memory devices that can allow[…]
Dennis Fisher and Mike Mimoso talk about the FREAK SSL vulnerability and the glorious debut of CSI: Cyber!
Google released the latest build of its browser Tuesday, Chrome 41.0.2272.76, patching 51 different bugs and paying out over $50,000 in bounties.
For the nth time in the last couple of years, security experts are warning about a new Internet-scale vulnerability, this time in some popular SSL clients. The flaw allows an attacker to force clients to downgrade to weakened ciphers and break their supposedly encrypted communications through a man-in-the-middle attack. Researchers recently discovered that some SSL[…]
A GAO report takes the Federal Aviation Administration to the woodshed over its sub-par information security controls and policies.
Some D-Link routers contain a vulnerability that leaves them open to remote attacks that can give an attacker root access, allow DNS hijacking and other attacks. The vulnerability affects affects a number of D-Link’s home routers and the key details of the flaw have been made public by one of the researchers who discovered it.[…]
Remote code execution vulnerabilities in Seagate Business NAS firmware were disclosed after a 100-plus day deadline passed without a fix from the vendor.