Cisco has patched a string of serious vulnerabilities in its IOS networking software, including some that could be used for remote code execution, and also fixed flaws in some of its other products. In all, Cisco released 10 advisories, nine of which concerned IOS vulnerabilities.
Bug bounty programs have been around in various forms for more than 15 years now, and many of the larger software companies, including Mozilla and Google, have established rewards for people who report bugs. But, aside from the amount of money that’s paid out when bugs are fixed, there hasn’t been much raw data available about the way the programs operate. Now, Mozilla has released some numbers on its program that show how effective it has been.
Microsoft has released a security advisory about the TLS/SSL attack developed by Juliano Rizzo and Thai Duong and also has made a FixIt tool available to help server administrators switch on support for newer versions of the protocol that aren’t vulnerable to the attack.
The revelation last week that researchers Thai Duong and Juliano Rizzo had developed a new attack on SSL that gives them the ability to decrypt some protected sessions on the fly sparked a lot of discussions about the inherent problems of the protocol and whether it has outlived its usefulness. But it’s not just SSL that’s the problem; it’s the slow accumulation of security problems in the key protocols and systems on which the Internet–and much of our world–rely that has become the real issue.
Malware that targets Mac OS X isn’t anywhere near catching up to Windows-based malware in terms of volume and variety, but it seems that OS X malware may be adopting some of the more successful tactics that Windows viruses have been using to trick users. Researchers have come across a sample of an OS X-based Trojan that disguises itself as a PDF file, a technique that’s been in favor among Windows malware authors for several years now.
With the release of the BEAST SSL attack research due tomorrow, researchers are beginning to take note of potential fixes and mitigations for the attack. One of the possibilities is moving to newer versions of TLS that are not vulnerable to the attack, but the problem is that there is precious little adoption of those newer versions.
Adobe is pushing out an emergency security bulletin today in concert with a Google Chrome update to address six critical vulnerabilities in versions of its Flash Player, the company said in an email statement.
SAN FRANCISCO–It’s no secret that attackers have made Adobe’s products key targets for the last couple of years, routinely going after bugs in Reader, Flash and Acrobat in targeted attacks and widespread campaigns alike. But it’s not just the rank-and-file bad guys who are making Adobe a priority; it’s more often nation-states, the company’s top security official said.
SAN FRANCISCO–There are dozens of new bugs discovered every week in popular applications, and many of them are painted as critical flaws that need to be patched immediately lest you risk the wrath of the attackers. However, in many cases, it’s not necessarily those highly publicized flaws that will end up leading to a major data theft; it’s the problems lurking underneath the top layer that are the real killers.