Researchers disclose four unpatched vulnerabilities in Internet Explorer
Security researchers published limited details about four unpatched vulnerabilities in Internet Explorer because Microsoft has not moved quickly enough to fix them.
Security researchers published limited details about four unpatched vulnerabilities in Internet Explorer because Microsoft has not moved quickly enough to fix them.
Researchers sifting through 400GB of data recently leaked from Hacking Team, an Italian company that sells computer surveillance software to government agencies from around the world, have already found an exploit for an unpatched vulnerability in Flash Player.
Despite a big push over the past few years to use encryption to combat security breaches, lack of expertise among developers and overly complex libraries have led to widespread implementation failures in business applications.
Several antivirus products from security firm ESET had a critical vulnerability that was easy to exploit and could lead to a full system compromise.
A critical vulnerability in code used by several virtualization platforms can put business information stored in data centers at risk of compromise.
More than 95 percent of SAP systems deployed in enterprises are exposed to vulnerabilities that could lead to a full compromise of business data, a security firm claims.
Aggressive adware applications that break the trust between HTTPS (HTTP Secure) websites and users have been at the center of controversy lately. But over the past week, HTTPS interception flaws of varying severity were also found in security programs, with products from antivirus vendor Bitdefender being the latest example.
In today's world of agile software development and fast release cycles, developers increasingly rely on third-party libraries and components to get the job done. Since many of those libraries come from long-running, open-source projects, developers often assume they're getting well-written, bug-free code. They're wrong.
One of the first things a malware analyst does when encountering a suspicious executable file is to extract the text strings found inside it, because they can provide immediate clues about its purpose. This operation has long been considered safe, but it can actually lead to a system compromise, a security researcher found.
Based on data gathered over the first six months of 2014, security researchers from IBM X-Force predict that the number of publicly reported vulnerabilities will drop to under 8,000 this year, a first since 2011.
Apple exposed iOS users to security threats by taking three weeks longer to patch the same vulnerabilities in the mobile OS that it previously fixed in Safari on OS X, a former Apple security engineer said.
Website operators should assess their whole Web infrastructure when patching the critical Heartbleed flaw in OpenSSL, otherwise they risk leaving important components open to remote attacks, despite fixing the problem on their publicly facing servers.
The U.S. National Security Agency has reportedly been working for the past several years on expanding its ability to infect computers with surveillance malware and creating a command-and-control infrastructure capable of managing millions of compromised systems at a time.
2013 was the year we learned we must encrypt our data if we don't want the likes of the U.S. National Security Agency or the U.K. Government Communications Headquarters reading it as it crosses the Internet.
A critical buffer overflow vulnerability patched this week in the widely used open-source cURL library (libcurl) has the potential to expose a large number of applications and systems to remote code execution attacks.