Web-based exploits on the decline, but users still slow to patch
The number of exploit kits on the Web dramatically decreased last year, but some have become more sophisticated and shifted their focus to software that is less frequently updated.
Adobe Systems fixed nine vulnerabilities in Flash Player that allow attackers to record users' keystrokes or take complete control of their computers.
The January 2015 edition of Microsoft Patch Tuesday might be more notable for what the monthly release of security bulletins does not contain -- there are no fixes for the Microsoft Explorer browser this month.
Google released details of a second unpatched privilege escalation flaw in Windows 8.1 in less than a month, drawing criticism from Microsoft.
Server administrators are advised to upgrade OpenSSL again to fix eight new vulnerabilities, two of which can lead to denial-of-service (DoS) attacks.
In today's world of agile software development and fast release cycles, developers increasingly rely on third-party libraries and components to get the job done. Since many of those libraries come from long-running, open-source projects, developers often assume they're getting well-written, bug-free code. They're wrong.
An open-source component used to display PDF files on WikiLeaks.org and other websites contains vulnerabilities that could be exploited to launch cross-site scripting (XSS) and content spoofing attacks against visitors.
Remote code execution vulnerabilities in the standard implementation of the network time protocol (NTP) can be exploited by attackers to compromise servers, embedded devices and even critical infrastructure systems that run UNIX-like operating systems.
A critical vulnerability in client software used to interact with Git, a distributed revision control system for managing source code repositories, allows attackers to execute rogue commands on computers used by developers.
Internet Explorer and Exchange Server top the list of Microsoft programs needing to be patched by IT administrators this month, now that the company has rolled out its latest round of "Patch Tuesday" security fixes.
Webmasters who patched their sites against a serious SSL flaw discovered in October will have to check them again. Researchers have discovered that the vulnerability also affects implementations of the newer TLS (Transport Layer Security) protocol.
A vulnerability in the IBM Endpoint Manager for mobile devices could allow attackers to execute malicious code on the servers used by companies to manage devices.
Siemens released security updates for several of its SCADA (supervisory control and data acquisition) products for industrial environments, in order to fix critical vulnerabilities that may have been exploited in recent attacks.
When Microsoft released a critical update for multiple versions of Windows Server this month, it also pushed out a fix for several releases of the Windows client OS, including even the technical preview for Windows 10.
New security updates released for the WordPress content management system and one of its popular plug-ins fix cross-site scripting (XSS) vulnerabilities that could allow attackers to take control of websites.