Researchers recently discovered a smattering of vulnerabilities in web applications and mobile applications belonging to companies like Yahoo, PayPal, Magento, and Shopify that could have led to account theft, session hijacking, phishing, among other consequences.
Browsing Tag: vulnerabilities
There is a series of stack buffer overflows in nearly 20 ICS products manufactured by Japanese vendor Yokogawa that can lead to remote code execution. The bugs affect a long list of the company’s products, which are used in a variety of industries around the world. The Yokogawa products are mainly control systems, plant-management systems, event-analysis[…]
A pair of modules included in the Drupal content management system have been updated to fix access bypass vulnerabilities that could allow an attacker to take actions on the behalf of some users. One of the modules fixed is the Twitter module, which allows users to take a variety of actions, including pulling in public[…]
About a decade ago, many large software makers learned some very difficult lessons about software security and building security into their products from the start. Some are still learning. The FTC and a variety of security experts are hoping that today’s crop of start-ups will not have to go through that same painful process. The FTC[…]
After more than a year of legal wrangling, the federal government has agreed to hand over its policy on vulnerability use and disclosure. The government had said that the policy was classified and too sensitive to release, but relented late last week and sent the document to the EFF, albeit a heavily redacted version. Know as[…]
Officials at Mozilla discovered that an attacker was able to compromise a Bugzilla user’s account by using a password taken from a data breach on a separate site.
Cisco has patched a remote file-overwrite vulnerability in a couple of its products that could allow an attacker to replace arbitrary files and cause target systems to become unstable.
Multiple weaknesses exist in AppLock, a popular lock application for Android devices that boasts over 100 million users.
The CERT/CC is warning users that some Belkin home routers contain a number of vulnerabilities that could allow an attacker to spoof DNS responses, intercept credentials sent in cleartext, access the web management interface, and take other actions on vulnerable routers. The vulnerabilities affect the Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with[…]
There is a serious, remotely exploitable vulnerability in the Device Type Manager library used in a long list of industrial process automation and measurement products sold by German firm Endress+Hauser that can cause affected products to hang indefinitely.