OpenSSL tells users to prepare for a high severity flaw
Server admins and developers beware: The OpenSSL Project plans to release security updates Thursday for its widely used cryptographic library that will fix a high severity vulnerability.
Server admins and developers beware: The OpenSSL Project plans to release security updates Thursday for its widely used cryptographic library that will fix a high severity vulnerability.
Someone call the malware antitrust commission: Recent versions of the Kovter ad fraud Trojan, which infects computers through Web-based exploits, close the door after themselves by updating Flash Player to the latest version.
Cisco Systems recently realized that its Unified Communications Domain Manager (Unified CDM) software contains a default privileged account with a static password that cannot be changed, exposing the platform to hacking by remote attackers.
Apple released patches for several exploits that could allow maliciously crafted applications to destroy apps that already exist on devices, access their data or hijack their traffic, but a large number of iOS devices are still vulnerable.
Like visiting a junk yard to find cheap parts for an aging vehicle, researchers from the Massachusetts Institute of Technology have come up with a way to fix buggy software by inserting working code from another program.
Just four days after Adobe Systems patched a vulnerability in Flash Player, the exploit was adopted by cybercriminals for use in large-scale attacks. This highlights the increasingly small time frame users have to deploy patches.
Adobe Systems released an emergency security update for Flash Player Tuesday to fix a critical vulnerability that has been exploited by a China-based cyberespionage group.
Many commercial software companies and enterprise in-house developers are churning out applications that are insecure by design due to the rapid and often uncontrolled use of open-source components.
The OpenSSL project has released several patches for moderate flaws, including an additional defense against the Logjam vulnerability revealed last month.
VMware has released security updates for several of its virtualization products in order to address critical vulnerabilities that could allow attackers to break out of virtual machines and execute rogue code on the host operating systems.
Internet Explorer, always heavily scrutinized by both security researchers and online attackers, has once again gotten the majority of patches in this month's Microsoft's Patch Tuesday round of monthly bug fixes.
Adobe Systems fixed 13 security issues in Flash Player that could lead to serious attacks, including remote code execution and information disclosure.
Network-attached storage (NAS) manufacturer Synology fixed several vulnerabilities in its devices' software, one of which could allow attackers to compromise the data stored on them.
Networking device manufacturers ZyXEL Communications and Netgear have confirmed that some of their routers are affected by a recently disclosed vulnerability in a USB device-sharing service called NetUSB.
A vulnerability in Android's default Web browser lets attackers spoof the URL shown in the address bar, allowing for more credible phishing attacks.