A flaw in the widely used OpenSSL library could allow man-in-the-middle attackers to impersonate HTTPS servers and snoop on encrypted traffic. Most browsers are not affected, but other applications and embedded devices could be.
The first thing an IT security executive should do after the corporate network has been breached is fall back on the incident response plan that was put in place well before attackers got through the carefully constructed defenses.
A vulnerability in Android's default Web browser lets attackers spoof the URL shown in the address bar, allowing for more credible phishing attacks.
A critical vulnerability in code used by several virtualization platforms can put business information stored in data centers at risk of compromise.
The mystery high-severity flaw that people were expected to be fixed in OpenSSL is no Heartbleed, but it is serious and users should update.
Security experts yesterday were still frustrated about Microsoft's decision last month to halt advance warnings of each month's patch slate, with one calling it a "blockade" and another arguing that it makes it difficult for IT administrators to do their job.
Google on Friday defended its decision to stop patching WebView, a core component of Android, on versions older than 4.4, aka "KitKat," saying that the huge code base is unsafe to fix.
Over 5,000 devices used by gas stations in the U.S. to monitor their fuel tank levels can be manipulated from the Internet by malicious attackers.
Google has stopped patching a core component of Android in versions older than v. 4.4, aka "KitKat," a security researcher said today, as he urged the company to reconsider the policy that could leave more than 60% of all Android users vulnerable to future attacks.
Server administrators are advised to upgrade OpenSSL again to fix eight new vulnerabilities, two of which can lead to denial-of-service (DoS) attacks.
For the first time in a decade, Microsoft today did not give all customers advance warning of next week's upcoming Patch Tuesday slate. Instead, the company suddenly announced it is dropping the public service and limiting the alerts and information to customers who pay for premium support.
The critical Shellshock vulnerabilities found last month in the Bash Unix shell have motivated security researchers to search for similar flaws in old, but widely used, command-line utilities.
Windows and Internet Explorer need critical patches this month, according to Microsoft's advanced <a href="https://technet.microsoft.com/library/security/ms14-oct">notification</a> about Patch Tuesday bulletins for Oct. 14.
In a very light set of monthly security bulletins, Microsoft will issue just one that it's ranking critical and it involves Internet Explorer.
A collective of security researchers issued a letter Friday from the DefCon hacker conference in Las Vegas urging the automotive industry to adopt five principles for building safer computer systems in vehicles.