Vulnerabilities & Flaws

iPhone hacker reveals SMS vulnerability

Dan Kaplan July 02, 2009

A security researcher on Thursday unveiled a new iPhone SMS vulnerability, according to reports out of the SyScan Conference in Singapore.
 

Juniper pulls researcher's Black Hat ATM talk

Dan Kaplan July 01, 2009

Black Hat is still a month away, but it is already making news after a planned presentation, which would have shown how to force ATMs to give cash, was pulled.
 

Weak programs = 2.7 billion

Angela Moscaritolo June 24, 2009

PC users in the U.S. are running a total of 2,720,800,000 vulnerable programs, according to security vendor Secunia. That statistic comes from information gathered through Secunia's vulnerability scanning tool. Users who scanned their computer using Secunia's tool for the first time had an average of 12 unpatched programs. Secunia extrapolated from the 227 million internet users in the U.S. to arrive at the total number of vulnerabilities. — AM
 

Adobe updates Shockwave

Angela Moscaritolo June 24, 2009

Adobe on Tuesday released a new Shockwave Player version to address a "critical" vulnerability that could allow an attacker to remotely take control of an affected system. The vulnerability affects Shockwave Player 11.5.0.596 and all earlier versions running on the Windows platform. Adobe recommended users install the updated version, 11.5.0.600. The US-CERT also encouraged users to upgrade. — AM
 

Google patches Chrome

Dan Kaplan June 23, 2009

Google has plugged a hole in its Chrome browser to fix an issue that could have enabled an attacker to cause a browser crash and execute arbitrary code, according to a company blog post. Version 2.0.172.33, released Monday, is patched for the buffer overflow vulnerability, rated "critical" by Google and discovered internally. Chrome automatically updates itself and requires no user action. It has about a six percent share in the browser market. — DK
 

Facebook bloggers reveal way to peek at private profiles

Dan Kaplan June 22, 2009

Another day, another social-networking threat -- this one involving the potential of information disclosure on Facebook.
 

Black Hat topics include hacking parking meters, social networks

Angela Moscaritolo June 19, 2009

Researchers are set to discuss a wide range of topics at the annual Black Hat conference.
 

Latest upgrade to iPhone includes 46 security fixes

Greg Masters June 18, 2009

Apple on Wednesday released the long-anticipated upgrade to its iPhone operating system.
 

Security expert wants feds to recruit volunteer pen testers

Dan Kaplan June 18, 2009

One respected security researcher wants to legalize the hacking of federal government and military websites -- and he wants everyone to hear him out.
 

"Nine-Ball" mass injection attack compromised 40,000 sites

Angela Moscaritolo June 17, 2009

A new threat dubbed "Nine-Ball" has compromised up to 40,000 legitimate websites that are now infecting users with an information-stealing trojan, according to security vendor Websense.
 

Google responds to call for more security

Chuck Miller June 17, 2009

In reaction to a letter from 37 respected names in the computer security field, Google is considering tighter security of its web applications.
 

URL shortening site hacked to redirect millions of links

Chuck Miller June 16, 2009

The Cligs URL shortening site was hacked during the weekend to cause 2.2 million links to redirect to the same site.
 

Researcher plans to unveil a month of Twitter bugs in July

Dan Kaplan June 16, 2009

A security researcher plans to raise awareness about how third-party developer sites can be exploited to abuse social networking sites, namely Twitter.
 

Apple releases Java fixes

Dan Kaplan June 16, 2009

Apple on Monday shipped fixes for multiple vulnerabilities in Java for Mac OS X 10.4 and 10.5. Included was a patch for a gaping hole for which security researcher Landon Fuller recently published a proof-of-concept. Fuller was trying to push Apple to release the updates after Sun, the maker of Java, already plugged the holes months ago. The most serious of the vulnerabilities patched Monday could enable an attacker to infect users who simply visit a website hosting a malicious Java applet. — DK
 

Three charged with hijacking corporate phone systems

Dan Kaplan June 15, 2009

Three Filipino residents have been charged with hacking into the telephone systems of U.S. companies, enabling callers to run up some $55 million in charges.
 

Mozilla releases security fixes for Firefox

Chuck Miller June 12, 2009

The Firefox web browser has been patched for security flaws, four of which were identified as "critical" by Mozilla.
 

Google updates Chrome security; withdraws crashing development browser

Chuck Miller June 11, 2009

Google Chrome was updated Wednesday to fix security issues in the WebKit web browser engine. Meanwhile, Google withdrew updates for a development Chrome version soon after release.
 

Microsoft serves up 10 patches, including IIS and IE fixes

Dan Kaplan June 09, 2009

Microsoft on Tuesday pushed out 10 patches to correct an array of issues, many of which could result in malicious code being executed.
 

New Safari 4.0 fixes more than 50 vulnerabilities

Angela Moscaritolo June 09, 2009

Apple on Monday released web browser Safari 4.0, which contains fixes for more than 50 vulnerabilities.
 

Chrome for Mac, Linux is out, but Google warns of its dangers

June 05, 2009

Google has released versions of its Chrome browser for Mac OS X and Linux but is warning users not to download either of them.
 

Adobe fixes come Tuesday

Dan Kaplan June 05, 2009

Adobe's first-ever quarterly patch update is planned for Tuesday. The company announced Thursday that it expects to issue patches then for its Reader and Acrobat versions 7, 8 and 9. The move to scheduled updates comes in response to criticism Adobe received earlier this year when it took several months to fix a major zero-day PDF vulnerability in its software. Tuesday's release — and each one after — will coincide with Microsoft's monthly security update. — DK
 

Google rates Gumblar distribution URL as top malware site

Angela Moscaritolo June 04, 2009

The URL hosting the Gumblar attack, which has compromised thousands of legitimate websites with code that silently redirects users to a single Chinese domain, heads Google's list of Top 10 malware sites, according to the company.
 

Apple patches QuickTime for 10 security holes

Dan Kaplan June 01, 2009

Apple on Monday released an updated version of its popular QuickTime software.
 

Hackers hit U.S. Army websites

Chuck Miller June 01, 2009

A group of computer hackers based in Turkey breached the sites of two U.S. Army facilities, leveraging SQL injection attacks.
 

"Beladen" website compromises cropping up

Angela Moscaritolo June 01, 2009

A mass injection attack similar but unrelated to Gumblar has infected more than 40,000 websites, according to new research from Websense.
 

BlackBerry patches PDF flaws

Angela Moscaritolo May 27, 2009

Research In Motion on Tuesday issued a security software update to address multiple vulnerabilities that exist in the PDF Distiller of the BlackBerry Attachment Service component in BlackBerry Enterprise Server. Because of these vulnerabilities, an attacker could create a malicious PDF file, which, when opened on a BlackBerry smartphone, could corrupt memory or execute arbitrary code on the computer that hosts the BlackBerry Attachment Service, RIM said in its advisory. — AM
 

Office of U.S. Marshals infected by Neeris virus

Angela Moscaritolo May 22, 2009

The office of U.S. Marshals was infected with a computer virus on Thursday that was able to infiltrate their computer network because the federal law enforcement agency was running an out-of-date anti-malware solution.
 

Conficker attempting to infect 50,000 per day

Angela Moscaritolo May 21, 2009

Publicity around the Conficker worm has been relatively quiet for the past month, but security researchers say it hasn't gone dormant.
 

Adobe to issue scheduled patches, invest more in code review

Dan Kaplan May 20, 2009

Adobe, responding to widespread industry criticism that it was not effectively reacting to issues, unveiled on Wednesday a new approach to securing code and patching flaws.
 

Netbook comes with factory-sealed malware

Chuck Miller May 20, 2009

In a rare occurrence, a brand-new factory-sealed netbook has been found to contain malware, according to researchers at Kaspersky Lab.