Zimperium, the mobile security company that discovered the Stagefright bug in the summer of 2015, announced yesterday its intention to buy fully-working exploits for former Android and iOS zero-days.
Security researcher Sebastian Krahmer has recently discovered that a previously known security flaw in the systemd project can be used for more than crashing a Linux distro but also to grant local attackers root access to the device.
AlphaBay admins announced today they've plugged a security hole that allowed an attacker to gain access to around 218,000 private user messages.
A security flaw discovered in a common PHP script allows knowledgeable attackers to execute code on a website that uses a vulnerable version of the script, which in turn can allow an attacker to take control over the underlying server.
Security firm IOActive published research yesterday detailing security flaws in the in-flight entertainment systems developed by Panasonic Avionics, used by multiple airlines such as United, Emirates, Virgin, KLM, Etihad, Scandinavian, Air France, and many other more.
Two security researchers published details this week about several security flaws that allow attackers to execute code on affected machines and take over devices. These security flaws affect Linux distros such as Fedora and Ubuntu, and two of these exploits are zero-days, meaning
The Joomla Project released version 3.6.5 of the Joomla CMS that addresses three security bugs, of which one can allow attackers to take over vulnerable sites. If this wasn't bad enough, this vulnerability, tracked as CVE-2016-9838, affects all Joomla versions released in the past five years.
A report released today on the software products with the most security flaws in the past three months reveals that almost a quarter of all entries on the monthly Top 20 list were various types of security products.
PayPal engineers have removed a "magic word" that would have allowed an attacker to obtain OAuth secret tokens for -- any -- PayPal application and access customer details.
An error in the implementation of the Cryptsetup utility used for encrypting hard drives allows an attacker to bypass the authentication procedures on some Linux systems just by pressing the Enter key for around 70 seconds. This results in the attacked system opening a shell with root privileges.
Martin Vigo, a security engineer for Salesforce.com, found a way to steal money from unsuspecting Venmo users using Siri. This flaw would have allowed an attacker to steal up to $2,999.99 dollars from a victim per weak.
Today apple released updates for iTunes, iOS, Safari, OS X El Capitan, tvOS, and watchOS. It is advised that all users of these products install the updates immediately as there were numerous critical vulnerabilities fixed.
May's Microsoft Patch Tuesday is here and there are 16 security updates for Microsoft products. Included in these updates are patches for 8 vulnerabilities labeled as critical because they allow an attacker to perform remote code execution on the vulnerable product.
Adobe has released security updates for Adobe Reader, Acrobat, and Coldfusion. With a whopping 92 vulnerabilities in Reader and Acrobat, with many of them being critical, it is essential that everyone install the latest available update. Furthermore, Adobe released an advisor about a vulnerability currently being used in Adobe Flash
Yesterday US-Cert released a security alert about two new critical vulnerabilities in in QuickTime for Windows. As Apple has announced that they are no longer supporting QuickTime and will not be fixing these vulnerabilities, it is suggested that you uninstall this program from your computer.
Adobe has released an emergency update to resolve critical vulnerabilities in their Adobe Flash Player product. The new version is 184.108.40.206 and resolves critical vulnerabilities that could allow an attacker to remotely take control of your computer.
Adobe released an updated security advisory yesterday regarding a critical vulnerability (CVE-2016-1019) that exists in Adobe Flash Player 220.127.116.11 and earlier versions. Though an emergency update may be released tomorrow, all Flash users are advised to immediately upgrade to the latest version.
A security update has been released for QuickTime that resolves numerous remote code execution and application termination vulnerabilities. QuickTime 7.7.9 has been released to fix these updates and all users are advised to install it immediately.