
NEWS & INDUSTRY UPDATES

Adobe patches XXE vulnerability in ColdFusion. The flaw exists in the BlazeDS component and it can lead to information disclosure.
Endress+Hauser has patched a vulnerability affecting many of the company’s ICS products. The flaw exists in a library used by several ICS vendors.
PayPal has patched a critical flaw that allowed hackers to steal users’ personal and financial data.
Application exploiting Certifi-gate flaw to make screen recordings on Android devices removed from Google Play.
The Sundown exploit kit is the first to leverage a recently patched Internet Explorer vulnerability. Exploit spotted in watering hole attacks primarily aimed at users in Japan.
Dyre banking Trojan now uses task scheduling for persistence, and semi-random configuration file names to evade detection.
Apple has patched nine vulnerabilities in QuickTime for Windows. The flaws can be exploited for DoS attacks and arbitrary code execution.
Zero-day vulnerabilities in Dolphin and Mercury browsers for Android expose users to hacker attacks, researcher warns.
BMW has known about the vulnerability that exposes its customers to OwnStar attacks since April, but the flaw is still unfixed.
Spamhaus has accused the ccTLD registries in Germany and Austria of failing to properly deal with abuse.

FEATURES, INSIGHTS // Vulnerabilities


Nate Kube: Critical services we rely on are increasingly dependent on cyberphysical interactivity. The scope of these critical services continues to broaden and deepen across industries, especially as the functionality and speed of devices are more widely understood.
David Holmes: As new SSL vulnerabilities surface, we can use our enterprise-specific categorization to decide whether it's going to be a Godzilla day or a Hello Kitty day.
Mark Hatton: Unfortunately, when it comes to security, what you've accomplished means very little. It's all about where the vulnerabilities still exist.
David Holmes: Is it possible to apply this maxim to global SSL patch rates? Let's take a look at the most recent SSL vulnerability: POODLE.
David Holmes: The media was so taken with the idea that Kate Upton nude photos had caused a DDoS attack that they just took the story and ran with it. But what really caused disrupted service across New Zealand's major ISPs?
Mark Hatton: Without the ability to prioritize in certain situations, you may end up waiting weeks to apply the most important patch. Think of your corporate network like your home: there are probably lots of items on your honey-do list, but they can't all be completed today.
Torsten George: It appears that 2014 will be remembered in the IT industry for several severe and wide-reaching server-side vulnerabilities. So what lessons can we learn from these vulnerabilities?
Torsten George: To limit the risk of having drive-by malware attacks planted on their websites, organizations should monitor the payload of their different Internet properties, which for larger organizations can easily become a huge undertaking.
Fahmida Y. Rashid: Opinions vary wildly among experts as to the potential impact of the Shellshock vulnerability. What is known, and agreed upon, at this point is that Shellshock is a very serious vulnerability because it allows remote code execution and gives the attacker full access to the system.
Jason Polancich: Businesses have more data on hand than they think. The key is crafting a plan to track it and combine it with data from outside their own walls, against which the internal data can be analyzed.