Softpedia
 


Stories about: Security Update



Nginx 1.4.1 and 1.5.0 Released to Fix Arbitrary Code Execution Vulnerability

Nginx 1.4.1 and 1.5.0 have been released to address a security hole that could have been exploited by an attacker to execute arbitrary code. Nginx 1.3.9 – 1.4.0 are impacted. “A stack-based buffer overflow might occur in a worker process while handling a specially crafted request, potentially resulting ...

8 May 2013
04:07 GMT

Google Fixes CSRF Vulnerability in Translator and Clickjacking Flaw in Gmail – Video

Security researcher Prakhar Prasad of Security Pulse has identified a couple of vulnerabilities in Google services. Both have been addressed by Google, so the expert published proof-of-concept videos for each of them. The first security hole was a cross-site request forgery (CSRF) that affected Google Translate. ...

6 May 2013
15:01 GMT

Critical Security Updates Released for IP.Board 3.2.x, 3.3.x and 3.4.x (Updated)

Invision Power Services has released critical security updates for IP.Board 3.2.x, 3.3.x, and 3.4.x after being notified of a vulnerability that could allow an unauthorized party to gain access to administrator accounts.  The details of the issue have not been disclosed to give the community time to apply the ...

6 May 2013
09:51 GMT

Adobe to Fix PDF Information Leakage Issue on May 14

A few days ago, researchers from security firm McAfee reported uncovering a PDF usage tracking issue in Adobe Reader. The flaw can be leveraged by an attacker to track when and where PDF documents are opened. Adobe says it’s aware of the issue, which it catalogues as being of “low severity.” “...

3 May 2013
05:51 GMT

OAuth Vulnerabilities Allowed Hackers to Access Private Photos on Instagram – Video

Experts have often demonstrated that OAuth vulnerabilities can be exploited to cause some serious damage. The latest example comes from Nir Goldshlager, security researcher and founder of Break Security. The expert has identified two methods in which Instagram accounts can be hijacked by leveraging OAuth flaws. By e...

3 May 2013
04:15 GMT

CakePHP 1.2.12, 1.3.16, 2.2.8 and 2.3.4 Released to Prevent SQL Injections

The Cake Software Foundation has recently released versions 1.2.12, 1.3.16, 2.2.8 and 2.3.4 of CakePHP. Customers who use the web application framework’s PaginatorComponent without whitelisted sort fields are advised to update as soon as possible because cybercriminals can exploit a vulnerability to launch SQL ...

3 May 2013
03:39 GMT

Umbraco Releases Versions 4.11.8 and 6.0.5 to Fix Two Major Security Holes

A few days ago, the developers of the Umbraco content management system (CMS) platform advised users to take immediate action to prevent the exploitation of a serious vulnerability in the integration web services. On Wednesday, Umbraco sent out another alert, notifying users of two additional major vulnerabilities. ...

1 May 2013
05:57 GMT

Authentication Bypass Flaw in PayPal’s BillSafe Allowed Hackers to Hijack User Accounts

At the beginning of 2013, security researchers from Vulnerability Lab identified a critical authentication bypass flaw in BillSafe, the German provider of payment upon invoice owned by eBay. The vulnerability was reported to PayPal, which addressed it earlier this month. The vulnerability could have been leveraged by...

1 May 2013
02:36 GMT

Vulnerabilities in D-Link IP Cameras Can Be Used to Capture Video Streams

Experts from Core Security have identified several vulnerabilities in D-Link IP cameras that can be exploited by cybercriminals for various purposes. The list of vulnerabilities includes OS command injection, authentication flaws, information leakage, and the use of hard-coded credentials. These security holes can ...

30 April 2013
07:28 GMT

87% of Corporate Computers Lack Critical Software Updates, F-Secure Warns

Security solutions provider F-Secure warns that 87% of the corporate computers they’ve gathered data from lack critical software updates. This represents a serious threat to business security, especially now, when large organizations are often targeted by cyberattacks. “From the numbers, it appears many ...

18 April 2013
18:11 GMT

Critical Vulnerabilities Found in 13 SOHO Routers, Many Can Be Exploited Remotely

Security researchers from Independent Security Evaluators (ISE) have analyzed 13 small office / home office (SOHO) routers and wireless access points to see just how vulnerable they are to cyberattacks. They’ve found that all of the 13 devices can be compromised by a local attacker. Even more worrying is the f...

18 April 2013
09:18 GMT

Reported and Fixed: Stored XSS Flaws in Facebook’s Chat, Check In and Messenger

Security researcher Nir Goldshlager, the CEO and founder of penetration testing company Break Security, has identified several persistent cross-site scripting (XSS) vulnerabilities in Facebook. The vulnerabilities have been confirmed and fixed by the social media company. The security issues plagued services such as...

18 April 2013
03:49 GMT

Buggy Malwarebytes Definitions Update Disables Thousands of Devices Worldwide

Thousands of computers running Malwarebytes were rendered inoperable on Monday after the company released a faulty definitions update. The update in question was pulled within 8 minutes after being released, but 8 minutes was more than enough to cause some damage. “I want to offer my sincere apology to our mil...

18 April 2013
02:38 GMT

Expert Reports Several Web Vulnerabilities to Oracle, Some Patched with April CPU

Independent security researcher Abdelmorite Eljoaydi, aka Jigsaw, has reported several web vulnerabilities to Oracle over the past weeks. The company has addressed some of them with the recently released April 2013 Critical Patch Update, but some of them still remain unfixed. The expert has told Softpedia that he ha...

17 April 2013
10:11 GMT

Oracle Fixes 128 Vulnerabilities with April 2013 CPU

A total of 128 vulnerabilities have been addressed by Oracle with the release of the company’s April 2013 Critical Patch Update (CPU). The list of affected products includes Oracle Database, Fusion Middleware, E-Business Suite, Supply Chain, PeopleSoft, Siebel, Health Sciences, Retail, Oracle FLEXCUBE, Primav...

17 April 2013
03:32 GMT

Oracle to Patch 42 Vulnerabilities with April Java SE CPU

Oracle is set to release its April 2013 Critical Patch Update for Java SE. According to the company, the new CPU will address a total of 42 security holes. Of the 42 issues, 39 are remotely exploitable without the need for a username and a password. The CPU affects Java 7 Update 17 and earlier, Java 6 Update 43 ...

16 April 2013
05:25 GMT

Four Vulnerabilities Fixed by Google in Chrome OS 26

The stable channel of Google’s Chrome OS has been updated to 26.0.1410.57 for all devices. The latest variant addresses a total of four security issues, three of which have been catalogued as high-severity flaws. Two of the high-severity vulnerabilities – a use-after-free in the O3D plugin, and an origin...

16 April 2013
03:56 GMT

Microsoft Fixes DOM XSS Vulnerability on Skype.com

Security expert Mirza Burhan Baig, of BlackBitz.net, has identified a DOM-based cross-site scripting (XSS) vulnerability on the official Skype website.  According to the expert, he reported the security hole to Microsoft in late December 2012. The company informed the researcher that the flaw had been fixed som...

6 April 2013
14:11 GMT

Sophos Fixes Several Vulnerabilities in Its Web Appliance

Security solutions provider Sophos has addressed several vulnerabilities identified by SEC Consult Vulnerability Lab experts in Sophos Web Appliance. The updated version, 3.7.8.2, was made available to all customers on April 1. According to the advisory published by SEC Consult, the company has identified three vuln...

5 April 2013
14:21 GMT

Security Updates Released for cPanel & WHM 11.32, 11.34, and 11.36

cPanel has released security updates for all supported versions of cPanel & WHM to address a vulnerability that impacts the Roundcube webmail application.  The security hole could have been exploited by a local unauthenticated user to gain access to sensitive information from other accounts on the system. The...

5 April 2013
09:03 GMT

PostgreSQL 9.2.4, 9.1.9, 9.0.13 and 8.4.17 Released to Address Security Holes

The PostgreSQL Global Development Group has released PostgreSQL 9.2.4, 9.1.9, 9.0.13 and 8.4.17 to address a total of 5 security vulnerabilities. In addition, the latest updates contain fixes for several minor issues discovered over the past couple of months. The most important security hole, CVE-2013-1899, can be e...

4 April 2013
10:41 GMT

Mozilla Fixes 11 Vulnerabilities in Firefox 20

Mozilla has released the stable build for Firefox 20 and besides some interesting new features, the latest version of the popular web browser also comes with some important security fixes. Of the total of 11 vulnerabilities addressed in Firefox 20, three have been catalogued as being critical. These are miscellaneou...

4 April 2013
04:11 GMT

Poppler Vulnerabilities Repaired in All Supported Ubuntu OSes

Canonical published details about poppler vulnerabilities in a security notice for its Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 10.04 LTS, and Ubuntu 8.04 LTS operating systems. According to Canonical, applications using poppler could be made to crash or possibly run programs as your login if they opened...

2 April 2013
16:31 GMT

LinkedIn Fixes XSS and CSRF Flaws in “Investors” Page and “Add Connections” Feature

Security researchers from Internet Security Auditors, a firm based in Spain, have identified several web vulnerabilities in LinkedIn. Since LinkedIn has patched the issues, the experts have decided to make their findings public. The first vulnerability, a Cross-site request forgery (CSRF), was identified in January ...

27 March 2013
17:41 GMT

Researcher Helps Nokia Fix XSS, CSRF Vulnerabilities, Rewarded with Lumia Phone

Pakistani security researcher Rafay Baloch has identified several security holes on various websites operated by Nokia. The company has addressed the vulnerabilities and has rewarded the expert’s work with a Nokia Lumia 820 smartphone. The security holes identified by the researcher include an iFrame injection...

27 March 2013
08:19 GMT

11 Security Holes Addressed by Google in Chrome 26

Chrome 26 is officially out and, as always, the latest stable channel update comes with a number of improvements in the security section. However, on this occasion, only 2 high-severity vulnerabilities have been addressed. One of the high-severity flaws has been uncovered by Atte Kettunen of OUSPG. The expert has be...

27 March 2013
04:19 GMT

Apple Suspends iForgot Password Reset Page to Patch Security Hole

On Friday, we learned that Apple rolled out two-step authentication to allow users to better protect their accounts. Shortly after, reports started coming in about a serious vulnerability that could be exploited to reset passwords. According to The Verge, the accounts of users could have been hijacked by anyone poss...

23 March 2013
07:20 GMT

DHS Warns of HMI Vulnerabilities in Siemens WinCC TIA Portal

The US Department of Homeland Security (DHS) Industrial Control System Cyber Emergency Response Team (ICS-CERT) has published an advisory to warn organizations of several vulnerabilities that affect all versions of Siemens WinCC TIA (Totally Integrated Automation) Portal V11.  The security holes – uncover...

22 March 2013
11:03 GMT

Reported and Fixed: DOM-Based XSS Vulnerability on Microsoft Dynamics Canada Site

Security expert Rafay Baloch has identified a DOM-based cross-site scripting vulnerability on the official Canadian website of Microsoft Dynamics. Since Microsoft has addressed the issue, the researcher has published its details on his blog. “The vulnerability occurs due to lack of filtering being done inside ...

21 March 2013
03:11 GMT

Flaw in T-Mobile’s “Wi-Fi Calling” Service Allowed Hackers to Eavesdrop on Calls

Jethro Beekman and Christopher Thompson, students from the Electrical Engineering and Computer Sciences department of the University of California at Berkeley, have identified a vulnerability in T-Mobile’s “Wi-Fi Calling” feature that could be exploited to launch man-in-the-middle (MITM) attacks. Wi...

20 March 2013
08:59 GMT

DOS and XSS Vulnerabilities Fixed in Ruby on Rails 3.2.13, 3.1.12 and 2.3.18

Ruby on Rails 3.2.13, 3.1.12 and 2.3.18 have been released and, according to the developer, they contain some important security fixes. The security holes patched in these releases are a symbol denial-of-service (DOS) vulnerability in Active Record, a cross-site scripting (XSS) vulnerability in “sanitize_css”...

20 March 2013
04:41 GMT

Alexa Fixes Reflected DOM XSS Vulnerability Reported by Expert

Portuguese security researcher David Sopas has identified a DOM-based cross-site scripting vulnerability on Alexa.com, the world-renowned commercial web traffic data provider. The issue was reported to the company back in December 2012.  According to the expert, the security hole could have been exploited by cy...

19 March 2013
17:51 GMT

US General Services Administration Closes Flaw That Exposed Users’ Private Data

The US General Services Administration (GSA) reports that a serious security hole has been identified in the System of Award Management (SAM) database. The vulnerability could have been exploited to gain access to the registration information of certain users. The security hole, which exposed personal and financial ...

18 March 2013
10:15 GMT

Apple Addresses 22 OS X Security Issues with First 2013 Update

Apple has released Security Update 2013-001. The latest update addresses a total of 21 vulnerabilities and an issue related to the intermediate CA certificates mistakenly released by TURKTRUST. The vulnerabilities patched by the company impact Mac OS X 10.6.8, OS X Lion 10.7 to 10.7.5, OS X Mountain Lion 10.8 t...

15 March 2013
06:23 GMT

Apple Releases Security Update 2013-001

Alongside OS X 10.8.3, Apple this week rolled out Security Update 2013-001, the first official security release for 2013 from the Cupertino-based computer giant. Apple has posted a typical security advisory in which it describes various vulnerabilities that have been patched for Mac OS X 10.6.8, Mac OS X Server 10.6...

15 March 2013
05:07 GMT

9,776 Vulnerabilities Identified in 2012, Secunia Study Finds

Secunia has released its 2013 Vulnerability Review report, which provides a clear picture on the evolution of software security from endpoint, enterprise, industry and global perspectives. The figures show that when it comes to software vulnerabilities, a total of 9,776 were discovered in 2012, which represents a re...

14 March 2013
19:01 GMT

Expert Finds Way to Retrieve Facebook Authentication Token and Hack Any Account

Security researcher Nir Goldshlager has identified yet another Facebook OAuth vulnerability that can be exploited to hack any account. In the attack method he presented back in February, the expert used the app_id of the Facebook Messenger to gain full access to accounts. The social media company has addressed the...

13 March 2013
11:49 GMT

File Upload Vulnerability Identified on PayPal’s BillMeLater Website

Security researcher Prakhar Prasad has identified a file upload vulnerability on a subdomain of PayPal’s BillMeLater.com that could have been exploited by an attacker to upload certain files on the servers used by the service. The issue was caused by an outdated variant of the DotNetNuke CMS, which allowed the...

13 March 2013
05:45 GMT

CERT Warns About Telnet Debug Shell Vulnerability in HP LaserJet Pro Printers

The Carnegie Mellon University's Computer Emergency Response Team (CERT) has issued an advisory to warn users and companies about a telnet debug shell vulnerability in HP LaserJet Pro printers that could be exploited by cybercriminals to gain unauthorized access to data. The security hole, identified by Christo...

12 March 2013
09:11 GMT

Rapid 7 Experts Identify Vulnerability in Honeywell Enterprise Buildings Integrator

At the beginning of 2013, Rapid 7 researcher Juan Vazquez identified a serious vulnerability in Honeywell Enterprise Buildings Integrator (EBI) R310 – R410.2, an industrial control platform used for security, access control, lighting, air conditioning, heating, ventilation and more. After identifying the flaw...

12 March 2013
07:59 GMT

Joomla 3.0.3 Released, Three Security Issues Fixed

The Joomla Project has released Joomla 3.0.3. It’s considered a security release, but a couple of new features have also been added. A total of three low-priority information disclosure vulnerabilities have been addressed. The flaws were caused by a search term encoding method, coding errors, and an undefined ...

7 March 2013
07:21 GMT

Flaw in Kaspersky Internet Security 2013 Leads to Remotely Freeze

In a post published on Full Disclosure, security expert Marc Heuse has revealed the existence of a vulnerability in Kaspersky Internet Security 2013 that could be exploited to remotely freeze a computer. “If IPv6 connectivity to a victim is possible (which is always the case on local networks), a fragment...

7 March 2013
07:05 GMT

D-Link Fixes Vulnerability in DIR-645 Routers, Fails to Tell Users About It

A few days ago, security researcher Roberto Paleari revealed the existence of a vulnerability in the web interface of D-Link DIR-645 routers that could be leveraged to remotely access sensitive information about the device’s configuration, and even administrator passwords. Paleari explained that D-Link address...

6 March 2013
08:46 GMT

Oracle Fixes Zero-Day Affecting Java 7 u15 and Java 6 u41

Oracle has released an out-of-band patch to address a couple of Java vulnerabilities, including CVE-2013-1493, which is currently being exploited in the wild to push the McRat malware onto computers. Users are advised to update as soon as possible. The security hole was reported by FireEye experts on February 1, th...

5 March 2013
03:37 GMT

6 High-Severity Vulnerabilities Fixed with the Release of Chrome 25.0.1364.152

Google has updated the stable channel of Chrome to 25.0.1364.152. The latest release addresses ten vulnerabilities, including 6 high-severity issues. Two of the high-severity security holes – a use-after-free with SVG animations, and a memory corruption in Web Audio – have been identified by Atte Kettune...

5 March 2013
03:29 GMT

Apple Fixes DOM XSS Vulnerability on “Find Locations” Website

Independent security researcher Mirza Burhan Baig of blackbitz.net has identified a DOM-based cross-site scripting (XSS) vulnerability on the “Find Locations” subdomain of Apple’s official website (locate.apple.com).  Apple has addressed the issue and officially credited the expert for his fin...

4 March 2013
15:41 GMT

XSS Vulnerabilities Fixed in Apache HTTP Server 2.4.4

The Apache Software Foundation and the Apache HTTP Server Project have announced the availability of Apache HTTP Server 2.4.4. The update addresses several bugs, but also some cross-site scripting (XSS) vulnerabilities. The first set of issues refers to various XSS vulnerabilities (CVE-2012-3499) caused by “un...

27 February 2013
07:12 GMT

Microsoft Releases Internet Explorer 10 Security Update

Adobe recently released the third Flash Player security patch of the month, so Microsoft had to roll out its own Internet Explorer 10 update to address the found vulnerabilities. The new update is only aimed at Internet Explorer 10 on Windows 8, Windows Server 2012 and Windows RT and is designed to patch a flaw that...

27 February 2013
01:19 GMT

Experts Bypass Google’s 2-Step Verification by Abusing Application-Specific Passwords

Researchers from Duo Security have identified a way to circumvent Google’s two-factor authentication system and reset a user’s master password by abusing the victim’s application-specific password (ASP). Google requires users to create ASPs for applications that don’t support two-step verific...

26 February 2013
10:59 GMT

Debian 6.0.7 Squeeze Is Now Available for Download

The Debian project announced the immediate availability for download of the seventh maintenance release of the Debian 6 Linux operating system. Debian 6.0.7 is just a maintenance update with very few changes, aside from the updates implemented to plug various security problems. Highlights of Debian 6.0.7: •...

25 February 2013
02:36 GMT

