Mozilla has released Firefox 32, the latest version of its browser, which now supports public-key pinning and also includes fixes for several critical security vulnerabilities. The move to support public-key pinning is an important one for Firefox, as it helps protect users against man-in-the-middle attacks that rely on forged certificates. The feature binds a set[…]
Browsing Tag: vulnerabilities
The 2014 IBM X-Force Threat Intelligence Quarterly takes a look back at Heartbleed and how organizations were affected by it.
Google has fixed 50 security vulnerabilities in its Chrome browser, including a critical string of bugs that can allow an attacker to execute arbitrary code outside of the browser’s sandbox. This is one of the larger batches of fixes that Google has produced for Chrome recently. The company releases frequent updates for the browser and often[…]
Tor Executive Director Andrew Lewman told the BBC that intelligence agency insiders share bug information with Tor developers under their bosses’ noses.
An iSEC Partners report examining hardening features of the Tor Browser recommends moving off Firefox to Chrome, but budget and feature constraints make that unlikely.
Siemens released an update for its SIMATIC S7-1500 CPU last week, patching a denial of service vulnerability in the programmable logic controller.
Google patched its Chrome browser this week, fixing 12 vulnerabilities including both a serious information disclosure bug and a use-after-free vulnerability that could let users obtain potentially sensitive information and execute arbitrary code.
Dennis Fisher and Mike Mimoso look back on the news from the last week in Las Vegas at Black Hat and DEF CON, including the Blackphone rooting, the Computrace research and the more upbeat mood at the conferences this year.
There’s a remotely exploitable authentication bypass vulnerability in the BlackBerry Z10 phone that affects the service that lets users share files with machines on a wireless network. The bug could allow an attacker to steal users’ personal data or hit them with targeted malware.
Vulnerabilities in the secure Blackphone reported during DEF CON require unusual circumstances to exploit.