Fingerprint sensor in iPhone 5S is no silver bullet, researchers say
The fingerprint sensor in Apple's new iPhone 5S has the potential to enhance the security of the device, but the devil will be in the details.
View ArticlePublic release of IE exploit could spark widespread attacks
An exploit for a vulnerability that affects all versions of Internet Explorer and has yet to be patched by Microsoft has been integrated into the open-source Metasploit penetration testing tool, a move...
View ArticleOpen-source software projects need to improve vulnerability handling...
Many open-source software developers need to improve the way in which they handle vulnerability reports, according to researchers from security firm Rapid7, who recently found and reported...
View ArticleSpike in traffic with TCP source port zero has some researchers worried
A significant increase this weekend in TCP traffic with source port zero detected could be part of reconnaissance efforts in preparation for more serious attacks, according to security researchers from...
View ArticleDespite patches, Supermicro's IPMI firmware is far from secure, researchers say
The Intelligent Platform Management Interface (IPMI) implementation found in motherboards from server manufacturer Supermicro suffers from serious vulnerabilities that could allow attackers to remotely...
View ArticleProprietary firmware poses a security threat, Ubuntu founder says
Mark Shuttleworth, the founder of the popular Ubuntu Linux distribution, believes proprietary firmware and unverifiable firmware code poses a serious security threat to users and encourages hardware...
View ArticleMany servers expose insecure out-of-band management interfaces to the Internet
Many servers expose insecure management interfaces to the Internet through microcontrollers embedded into the motherboard that run independently of the main OS and provide monitoring and administration...
View ArticleHacker coalition sets out to improve critical device security, challenges car...
A collective of security researchers issued a letter Friday from the DefCon hacker conference in Las Vegas urging the automotive industry to adopt five principles for building safer computer systems in...
View ArticleVulnerabilities found in more command-line tools, wget and tnftp get patches
The critical Shellshock vulnerabilities found last month in the Bash Unix shell have motivated security researchers to search for similar flaws in old, but widely used, command-line utilities.
View ArticleOpenSSL patches eight new vulnerabilities
Server administrators are advised to upgrade OpenSSL again to fix eight new vulnerabilities, two of which can lead to denial-of-service (DoS) attacks.
View ArticleThousands of U.S. gas stations exposed to Internet attacks
Over 5,000 devices used by gas stations in the U.S. to monitor their fuel tank levels can be manipulated from the Internet by malicious attackers.
View ArticleOpenSSL fixes serious denial-of-service bug, 11 other flaws
The mystery high-severity flaw that people were expected to be fixed in OpenSSL is no Heartbleed, but it is serious and users should update.
View ArticleCritical VM escape vulnerability impacts business systems, data centers
A critical vulnerability in code used by several virtualization platforms can put business information stored in data centers at risk of compromise.
View ArticleAndroid stock browser vulnerable to URL spoofing
A vulnerability in Android's default Web browser lets attackers spoof the URL shown in the address bar, allowing for more credible phishing attacks.
View ArticleOpenSSL fixes serious flaw that could enable man-in-the-middle attacks
A flaw in the widely used OpenSSL library could allow man-in-the-middle attackers to impersonate HTTPS servers and snoop on encrypted traffic. Most browsers are not affected, but other applications and...
View Article