With the growing number of cyber attacks and data breaches, a significant number of companies and organizations have started Bug Bounty Programs to encourage hackers and security researchers to find and responsibly report bugs in their services and get a reward.
Now, even pornography sites are starting to embrace bug bounty practices in order to safeguard its user’s security.
<!– adsense –>
Matías Porolli shows how exploit another classic buffer overflow vulnerability, in which the ebp register is moved to execute an arbitrary code.
The post Exploiting 1-byte buffer overflows appeared first on We Live Security.
A security researcher disclosed vulnerabilities in the poorly secured web domains of a Florida county elections, but he ended up in handcuffs on criminal hacking charges and jailed for six hours Wednesday.
Security researcher David Michael Levin was arrested and charged by the United States law enforcement after breaking into and disclosing some serious vulnerabilities in a couple of
In Brief
The Smartphone users are fed up with slow security updates, so two United States federal agencies have launched an official inquiry to know how manufacturers and carriers deal with mobile phone security updates and what they are doing to roll out patches as quickly as possible.
The Smartphone patch update mechanism is broken, and someone has to fix it.
Most smartphone models are
Be careful! Not all anti-virus systems are what they seem and many are more hazardous than helpful for your cyber security, so was said in a recent investigation. The investigation concluded that, today, most anti-virus’ tend to lower the threshold of Internet browser security. Can they protect us against external threats? How effective are they?
Traditionally, browsers incorporate tools to check certificates issued by websites to ensure that it has been issued by an appropriate entity. Panda Security’s products do not use interception techniques like intrusive man-in-the-middle through TLS proxies, to analyze our customers’ communications. Our solutions are completely transparent and do not install any type of certificate for this function. Thanks to this we can avoid these type of vulnerabilities, while minimizing the impact on the communication performance for our users’ devices. For this reason, Panda solutions are not included in the study.
Panda’s products are mentioned as those not affected by this vulnerability in Concordia University’s report.
The affected anti-virus systems in the study trick browsers, causing them to relax and trust any certificate, even though they shouldn´t. On the contrary, Panda Security solutions appears in this report because of its transparency and reliability for its users.
The post Panda Security, the tested anti-virus appeared first on Panda Security Mediacenter.
“Talent has no Age Limit”
That’s what I said for a 10-year-old Finnish boy on our official Facebook page while sharing his recent achievement with our readers i.e. Winning $10,000 bug bounty from Instagram.
Last Tuesday when we at The Hacker News first acknowledged this talented boy and the flaw he discovered in image-sharing social network Instagram, I did not have an idea that the Facebook
OpenSSL has released a series of patches against six vulnerabilities, including a pair of high-severity flaws that could allow attackers to execute malicious code on a web server as well as decrypt HTTPS traffic.
OpenSSL is an open-source cryptographic library that is the most widely being used by a significant portion of the Internet services; to cryptographically protect their sensitive Web
A serious zero-day vulnerability has been discovered in ImageMagick, a widely popular software tool used by a large number of websites to process user’s photos, which could allow hackers to execute malicious code remotely on servers.
ImageMagick is an open-source image processing library that lets users resize, scale, crop, watermarking and tweak images.
The ImageMagick tool is supported by
Clickjacking Vulnerability in Telegram Web Client
The official Telegram web-client that allows its users to access messenger account over desktop’s web browser is vulnerable to clickjacking web application vulnerability.
Egyptian security researcher Mohamed A. Baset told The Hacker News about a flaw in Telegram that could allow an attacker to change sensitive information of a Telegram user,
In Brief
The Federal Bureau of Investigation (FBI) made its first disclosure about a software security flaw to Apple under the Vulnerability Equities Process (VEP), a White House initiative created in April 2014 for reviewing flaws and deciding which ones should be made public.
Unfortunately, the vulnerability reported by the federal agency only affected older versions of Apple’s iOS and OS
