Browsing Tag: vulnerabilities

Many industries tend to run in identifiable cycles. Financial services, the auto industry, entertainment: they all have cycles. Because the security industry isn’t nearly as old as any of these, it hasn’t had much of a chance to establish such cycles. But one seems to be appearing now in the form of renewed criticism and distaste for offensive security research.


An Adobe Flash vulnerability fixed last month is being used in targeted attacks right now, with attackers attempting to persuade victims to open a malicious Word document that contains the payload for the Flash bug. The vulnerability has been patched for nearly a month, but history has shown that flaws that have been patched for several months or even years are still quite valuable for targeted attacks.


Just two days before the annual Pwn2Own contest is set to begin at CanSecWest, Google has patched a huge set of serious vulnerabilities in its Chrome browser. In addition to the 14 high-risk flaws fixed in Chrome, the company also handed out rewards of $10,000 each to three researchers who regularly submit bugs to Google and have taken home quite a bit of cash in the past as part of the company’s reward program.


There is another new version of Mozilla Firefox available, and version 10.0.1 includes a fix for a critical security vulnerability in the browser. The flaw is a serious use-after-free bug in a component of the browser that also exists in Thunderbird, SeaMonkey and other Mozilla products.


CANCUN – The offensive security research community has evolved in the last decade or so from a relatively small, insular and inwardly focused group to a large and rather vocal group with a wide variety of motives, opinions and skill levels. But, to hear Brad Arkin of Adobe tell it, the huge amount of talent in that community could be put to better use trying to develop new defensive technologies and techniques rather than searching for the next bug in an infinite sea of bugs.
