HackerOne released a free model that assesses an organization’s readiness to accept outside vulnerability reports.
Tag Archives: Web Security
Adobe Patches 23 Critical Vulnerabilities in Flash Player
Adobe has released a Flash Player update that addresses 23 critical vulnerabilities in the software, many of which can lead to code execution.
Google Details Plans to Disable SSLv3 and RC4
As expected, Google formally announced its intent to move away from the stream cipher RC4 and the protocol SSLv3 this week, citing a long history of weaknesses in both.
D-Link Accidentally Leaks Private Code-Signing Keys
Private keys used to sign D-Link software were included in open-source firmware published by the company.
Details Surface on Patched Bugzilla Privilege Escalation Flaw
Bugzilla users should upgrade to current versions after a privilege escalation vulnerability was reported and patched.
Schneider Patches Plaintext Credentials Bug in Building Automation System
Schneider Electric has published new firmware for its StruxureWare Building Expert building automation system that patches a remotely exploitable vulnerability.
Scan of IPv4 Space for ‘Implanted’ Cisco Routers Finds Fewer Than 100
A day after researchers detailed a technique that attackers are using to upload malicious firmware images to Cisco routers, academic researchers say they have scanned the entire IPv4 address space and discovered a total of 79 likely compromised routers. The researchers at the University of Michigan used their ZMap tool, which can scan the Internet in about […]
First Let’s Encrypt Free Certificate Goes Live
Let’s Encrypt hit a major milestone today when its first free and automated cert went live.
WordPress Patches Serious Shortcodes Core Engine Vulnerability
WordPress upgraded to 4.3.1, patching a pair of vulnerabilities in the core engine, including a cross-site scripting issue enabled by a vulnerability in shortcodes.
CoreBot Adds New Capabilities, Transitions to Banking Trojan
As many researchers expected it would, CoreBot, the credential-stealing malware that first surfaced last month, has added a bevy of new capabilities and reinvented itself as a robust banking Trojan.