Stories about: vulnerability |
Canonical published details in a security notice about an OpenStack Nova vulnerability for its Ubuntu 13.04, Ubuntu 12.10, and Ubuntu 12.04 LTS operating systems. According to Canonical, Nova could be made to crash the system if instances used a specially crafted image. It was discovered that Nova did not verify the s... |
18 May 2013 16:32 GMT |
 |
A vulnerability that has been discovered in the Linux kernel affecting the Ubuntu 13.04 (Raring Ringtail) operating system has been announced by Canonical. According to Canonical, the system could have been made to run programs as an administrator. A flaw has been discovered in the Linux kernel's perf_events ... |
16 May 2013 14:01 GMT |
 |
Deutsche Telekom has launched an interesting tool called Developer Garden Code Analyzer. The tool allows developers to quickly and accurately identify vulnerabilities in apps and websites, regardless of the programming language used to create them.
“Data security plays an ever increasing role and is now one of... |
14 May 2013 09:20 GMT |
 |
Experts continue to investigate the recent US Department of Labor (DOL) watering hole attack that involved at least nine websites. Security researcher Eric Romang has found that the cybercriminals behind the campaign have also targeted employees of the US Agency for International Development (USAID).
One of the nine... |
14 May 2013 07:06 GMT |
 |
On May 10, in a security notice, Canonical published details about a telepathy-idle vulnerability for its Ubuntu 13.04, Ubuntu 12.10, and Ubuntu 12.04 LTS operating systems. According to Canonical, telepathy-idle could have been made to expose sensitive information over the network. It was discovered that telepathy-idl... |
11 May 2013 09:53 GMT |
 |
On May 8, in a security notice Canonical published details about a GPSd vulnerability for its Ubuntu 12.04 (Precise Pangolin) operating system.
According to Canonical, GPSd could have been made to crash or possibly run programs if it received specially crafted input.
GPSd was discovered to have incorrectly handled ... |
10 May 2013 15:11 GMT |
 |
The Better Business Bureau (BBB) and the Federal Bureau of Investigation (FBI) are warning users about the recently uncovered Internet Explorer 8 vulnerability. Microsoft has released a “Fix It” to patch the critical security hole.
“A vulnerability has been discovered in Microsoft's web browse... |
10 May 2013 10:02 GMT |
 |
A security advisory released by Adobe on Wednesday reveals that a critical vulnerability has been identified in ColdFusion. The flaw can be exploited by an unauthorized user to remotely retrieve files stored on a server. ColdFusion 10, 9.0.2, 9.0.1 and 9.0 and earlier versions for Windows, Macintosh and Linux are im... |
9 May 2013 07:54 GMT |
 |
On May 7, in a security notice Canonical published details about a libxml2 vulnerability for its Ubuntu 13.04 (Raring Ringtail) operating system.
According to Canonical, libxml2 could be made to crash or run programs, if it opened a specially crafted file.
It was discovered that the libxml2 library incorrectly hand... |
8 May 2013 14:11 GMT |
 |
Experts from Microsoft’s Malware Protection Center have found that the developers of the Cool exploit kit have integrated a new exploit into their creation.
The exploit kit is known for its abilities to push malware via Java, Adobe Reader, Flash Player, and Windows kernel-mode vulnerabilities. However, r... |
8 May 2013 11:31 GMT |
 |
Nginx 1.4.1 and 1.5.0 have been released to address a security hole that could have been exploited by an attacker to execute arbitrary code. Nginx 1.3.9 – 1.4.0 are impacted. “A stack-based buffer overflow might occur in a worker process while handling a specially crafted request, potentially resulting ... |
8 May 2013 04:07 GMT |
 |
Security researcher Prakhar Prasad of Security Pulse has identified a couple of vulnerabilities in Google services. Both have been addressed by Google, so the expert published proof-of-concept videos for each of them. The first security hole was a cross-site request forgery (CSRF) that affected Google Translate. ... |
6 May 2013 15:01 GMT |
 |
Cylance security researchers Terry McCorkle and Billy Rios, who specialize in identifying vulnerabilities in industrial control systems (ICS), have discovered that the building management system from Google Australia’s Wharf 7 headquarters could have been compromised by hackers.
The building control system is ... |
6 May 2013 10:45 GMT |
 |
Invision Power Services has released critical security updates for IP.Board 3.2.x, 3.3.x, and 3.4.x after being notified of a vulnerability that could allow an unauthorized party to gain access to administrator accounts. The details of the issue have not been disclosed to give the community time to apply the ... |
6 May 2013 09:51 GMT |
 |
Researchers from Security Explorations have identified a total of nine ways to completely bypass the IBM Java sandbox. Of these nine exploits, five are new ones and four are old issues that haven’t been properly addressed. According to Adam Gowdiak, the founder and CEO of the Polish security firm, the five new... |
6 May 2013 08:54 GMT |
 |
A few days ago, researchers from security firm McAfee reported uncovering a PDF usage tracking issue in Adobe Reader. The flaw can be leveraged by an attacker to track when and where PDF documents are opened.
Adobe says it’s aware of the issue, which it catalogues as being of “low severity.”
“... |
3 May 2013 05:51 GMT |
 |
Experts have often demonstrated that OAuth vulnerabilities can be exploited to cause some serious damage. The latest example comes from Nir Goldshlager, security researcher and founder of Break Security. The expert has identified two methods in which Instagram accounts can be hijacked by leveraging OAuth flaws. By e... |
3 May 2013 04:15 GMT |
 |
The Cake Software Foundation has recently released versions 1.2.12, 1.3.16, 2.2.8 and 2.3.4 of CakePHP. Customers who use the web application framework’s PaginatorComponent without whitelisted sort fields are advised to update as soon as possible because cybercriminals can exploit a vulnerability to launch SQL ... |
3 May 2013 03:39 GMT |
 |
WhiteHat Security has published its 2013 Website Security Statistics Report. The study is based on vulnerability data collected from tens of thousands of websites belonging to over 650 organizations.
It turns out that, last year, the average number of security holes plaguing a website decreased to 56. In the previou... |
2 May 2013 10:09 GMT |
 |
Researchers from n.runs have identified an arbitrary code execution vulnerability in IBM’s Notes (formerly Lotus Notes), the popular desktop client for social business. The 8.0.x, 8.5.x, 9.0 versions of the application are impacted.
According to experts, because the Notes mail client accepts Java applet and Ja... |
2 May 2013 09:00 GMT |
 |
A few days ago, the developers of the Umbraco content management system (CMS) platform advised users to take immediate action to prevent the exploitation of a serious vulnerability in the integration web services.
On Wednesday, Umbraco sent out another alert, notifying users of two additional major vulnerabilities.
... |
1 May 2013 05:57 GMT |
 |
At the beginning of 2013, security researchers from Vulnerability Lab identified a critical authentication bypass flaw in BillSafe, the German provider of payment upon invoice owned by eBay. The vulnerability was reported to PayPal, which addressed it earlier this month. The vulnerability could have been leveraged by... |
1 May 2013 02:36 GMT |
 |
A new whitepaper published by software development company TransNexus reveals that a vulnerability in a widely utilized Analog Telephone Adapter (ATA) allows hackers to steal Session Initiation Protocol (SIP) credentials. Hundreds of thousands of SIP subscribers are believed to be affected.
Experts say that the stol... |
30 April 2013 10:48 GMT |
 |
Experts from Core Security have identified several vulnerabilities in D-Link IP cameras that can be exploited by cybercriminals for various purposes.
The list of vulnerabilities includes OS command injection, authentication flaws, information leakage, and the use of hard-coded credentials.
These security holes can ... |
30 April 2013 07:28 GMT |
 |
Coles, the Australian supermarket chain, is the latest company to launch a bug bounty program in an effort to encourage security researchers to responsibly disclose the vulnerabilities they find in Coles websites or in the company’s applications. According to The Sydney Morning Herald, the retailer promises to... |
29 April 2013 17:01 GMT |
 |
A security researcher who uses the online moniker TibitXimer claims that Skype accounts can be easily hacked by social engineering the company’s support team. He came to this conclusion after his own account had been hijacked six times in a single day. TibitXimer says that accounts can be taken over by anyon... |
29 April 2013 07:27 GMT |
 |
Researchers from security firm McAfee have identified an interesting issue that affects all versions of Adobe Reader. While the flaw can’t be leveraged to execute code, it can be successfully utilized to track when and where specially-crafted PDF documents are opened. “When a specific PDF JavaScript API ... |
29 April 2013 05:20 GMT |
 |
The developers of Umbraco, the open-source content management system (CMS) platform, are notifying customers about a vulnerability in the integration web services of Umbraco. All Umbraco versions are said to be affected by the security hole.
“During one of our regular security audits of the core, a severe secu... |
29 April 2013 03:47 GMT |
 |
Security researchers from Rapid7 have identified a vulnerability in the Safari web browser that could be exploited by cybercriminals for a number of malicious tasks. However, Apple doesn’t plan on fixing the issue because the attack requires user interaction.
The flaw in question, a Universal cross-site ... |
26 April 2013 10:53 GMT |
 |
Computer security experts of the US Navy have performed some penetration tests on the networks of USS Freedom, the Navy’s first littoral combat ship, to see just how vulnerable the warship’s systems are to cyberattacks.
According to an unnamed Navy official cited by Reuters, some vulnerabilities have bee... |
24 April 2013 05:55 GMT |
 |
Experts from security firm Bkav have identified a vulnerability in Viber – the popular application that allows users to make calls, send text messages and photos for free. The security hole could be exploited to bypass the lock screen on Android smartphones and gain full access to the device. According to the ... |
23 April 2013 09:26 GMT |
 |
Less than a week has passed since Oracle released its April 2013 Critical Patch Update for Java and researchers have already identified a vulnerability affecting the latest version of the software. Polish firm Security Explorations has discovered a Reflection API issue – dubbed “Issue 61” – t... |
22 April 2013 03:45 GMT |
 |
IT security solutions provider Secunia has released Country Reports for Germany, the UK, the US, Denmark, Finland, Norway and Sweden. The studies contain some interesting data on how much vulnerable software is installed on PCs in each country.
For instance, in the US, 15.3% of users had an unpatched operating syste... |
18 April 2013 16:11 GMT |
 |
Security researchers from Independent Security Evaluators (ISE) have analyzed 13 small office / home office (SOHO) routers and wireless access points to see just how vulnerable they are to cyberattacks.
They’ve found that all of the 13 devices can be compromised by a local attacker. Even more worrying is the f... |
18 April 2013 09:18 GMT |
 |
Microsoft confirmed earlier this month that it would stick to the April 8, 2014 retirement date for Windows XP, but it appears that only a few users got the message. What’s worse, approximately 15 percent of midsize and large enterprises will still run Windows XP beyond this date, research firm Gartner warns, ... |
18 April 2013 03:54 GMT |
 |
Security researcher Nir Goldshlager, the CEO and founder of penetration testing company Break Security, has identified several persistent cross-site scripting (XSS) vulnerabilities in Facebook. The vulnerabilities have been confirmed and fixed by the social media company. The security issues plagued services such as... |
18 April 2013 03:49 GMT |
 |
On April 17, Canonical published details, in a security notice, about an X.Org X server vulnerability for its Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, and Ubuntu 10.04 LTS operating systems.
According to Canonical, the X server could be made to reveal keystrokes of other users.
It was discovered that the X.Org... |
17 April 2013 19:41 GMT |
 |
Independent security researcher Abdelmorite Eljoaydi, aka Jigsaw, has reported several web vulnerabilities to Oracle over the past weeks. The company has addressed some of them with the recently released April 2013 Critical Patch Update, but some of them still remain unfixed. The expert has told Softpedia that he ha... |
17 April 2013 10:11 GMT |
 |
On May 15, in a security notice Canonical published details about a curl vulnerability for its Ubuntu 12.10, Ubuntu 12.04 LTS, Ubuntu 11.10, Ubuntu 10.04 LTS, and Ubuntu 8.04 LTS operating systems.
According to Canonical, applications using libcurl could be made to expose sensitive information over the network.
It ... |
16 April 2013 15:31 GMT |
 |
Oracle is set to release its April 2013 Critical Patch Update for Java SE. According to the company, the new CPU will address a total of 42 security holes.
Of the 42 issues, 39 are remotely exploitable without the need for a username and a password.
The CPU affects Java 7 Update 17 and earlier, Java 6 Update 43 ... |
16 April 2013 05:25 GMT |
 |
The stable channel of Google’s Chrome OS has been updated to 26.0.1410.57 for all devices. The latest variant addresses a total of four security issues, three of which have been catalogued as high-severity flaws.
Two of the high-severity vulnerabilities – a use-after-free in the O3D plugin, and an origin... |
16 April 2013 03:56 GMT |
 |
Many of the presentations held here at this edition of the Hack in the Box conference in Amsterdam show that we live in a world where almost anything can be hacked. Spanish security researcher Hugo Teso, of n.runs AG in Germany, has shown that aircraft are no exception.
The expert highlighted that when the software ... |
11 April 2013 07:43 GMT |
 |
On April 10, Canonical published details in a security notice about an NVIDIA graphics drivers vulnerability for its Ubuntu 12.10 and Ubuntu 12.04 LTS operating systems.
According to Canonical, NVIDIA graphics drivers could be made to run programs as an administrator.
It was discovered that the NVIDIA graphics driv... |
10 April 2013 10:25 GMT |
 |
Security expert Mirza Burhan Baig, of BlackBitz.net, has identified a DOM-based cross-site scripting (XSS) vulnerability on the official Skype website.
According to the expert, he reported the security hole to Microsoft in late December 2012. The company informed the researcher that the flaw had been fixed som... |
6 April 2013 14:11 GMT |
 |
GitHub has announced that it’s moving GitHub Pages to a new domain, github.io, in an effort to prevent phishing and cross-site request forgery (CSRF) attacks.
“This is a security measure aimed at removing potential vectors for cross domain attacks targeting the main github.com session as well as vector... |
6 April 2013 04:18 GMT |
 |
Microsoft has announced the release of nine different bulletins on Patch Tuesday, two of which are designed to fix two critical vulnerabilities found in its software.
The fixes that Windows 8 users are supposed to deploy concern Internet Explorer, as Microsoft’s in-house browser is affected by a security flaw t... |
5 April 2013 19:41 GMT |
 |
Security solutions provider Sophos has addressed several vulnerabilities identified by SEC Consult Vulnerability Lab experts in Sophos Web Appliance. The updated version, 3.7.8.2, was made available to all customers on April 1. According to the advisory published by SEC Consult, the company has identified three vuln... |
5 April 2013 14:21 GMT |
 |
cPanel has released security updates for all supported versions of cPanel & WHM to address a vulnerability that impacts the Roundcube webmail application.
The security hole could have been exploited by a local unauthenticated user to gain access to sensitive information from other accounts on the system.
The... |
5 April 2013 09:03 GMT |
 |
Security vulnerabilities that have been discovered in the Linux kernel packages, this time affecting the Ubuntu 10.04 LTS (Lucid Lynx) operating system, have been announced by Canonical.
According to Canonical, several security issues have been fixed in the kernel.
For example, it has been discovered that in the Li... |
4 April 2013 15:21 GMT |
 |
The PostgreSQL Global Development Group has released PostgreSQL 9.2.4, 9.1.9, 9.0.13 and 8.4.17 to address a total of 5 security vulnerabilities. In addition, the latest updates contain fixes for several minor issues discovered over the past couple of months. The most important security hole, CVE-2013-1899, can be e... |
4 April 2013 10:41 GMT |
 |