Articles about vulnerability research

The Register breaking news

Obama loses (another) cybersecurity bigwig

Updated: Yet another high-ranking government official in charge of securing the country's computer networks has resigned. This time, it's the head of the US Department of Homeland Security's Computer Emergency Readiness Team. Mischel Kwon submitted her letter of resignation last week, according to The Washington Post. The report cited …
Dan Goodin, 10 Aug 2009

Apple fixes critical Mac holes triggered by image files

Apple on Wednesday patched 18 holes in its Mac OS X operating system, seven that could allow an attacker to remotely take over a machine when a user does nothing more than view a booby-trapped image. The ImageIO Framework, which helps Mac applications read and write popular image formats, was responsible for five of the image …
Dan Goodin, 6 Aug 2009

XML flaws threaten 'enormous' array of apps

Updated: Security researchers have uncovered critical flaws in open-source software that implements the Extensible Markup Language in a staggering array of applications used by banks, e-commerce websites, and consumers. The bugs uncovered by researchers at Finland-based Codenomicon were contained in virtually every open-source XML …
Dan Goodin, 6 Aug 2009

Mozilla squashes critical bugs in Firefox

Mozilla on Monday issued an update for Firefox that fixes four critical security bugs in the popular open-source browser, including one exposed last week that could make it easy for attackers to spoof SSL certificates used to secure websites. The vulnerability meant Firefox could be tricked by rogue certificates, a potentially …
Dan Goodin, 4 Aug 2009

AES encryption not as tough as you think

Cryptographers have found a new chink in the widely used AES encryption standard that suggests the safety margin of its most powerful cipher is not as high as previously thought. In a soon-to-be-published paper, researchers Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi Shamir show that the 256-bit …
Dan Goodin, 3 Aug 2009

cPanel, Netgear and Linksys susceptible to nasty attack

Defcon: If you use cPanel to administer your website or certain Linksys or Netgear devices to route traffic over your wireless network, you're susceptible to web-based attacks that could take complete control of your systems, two security researchers said Saturday. All three wares contain CSRF, or cross-site request forgery, holes …
Dan Goodin, 2 Aug 2009

Surveillance camera hack swaps live feed with spoof video

Defcon: Corporate teleconferences and other sensitive video feeds traveling over the internet are a lot more vulnerable to interception thanks to the release of free software tools that offer penetration testers and attackers a point-and-click interface. At the Defcon hacker conference in Las Vegas, the Viper Lab researchers demonstrated …
Dan Goodin, 1 Aug 2009

Hijacking iPhones and other smart devices using SMS

Black Hat Update: Apple says it has patched the vulnerability described below. The full story is here. Researchers have uncovered a bevy of vulnerabilities in smart phones made by multiple vendors, including one in Apple's iPhone that could allow an attacker to execute malicious code without requiring the victim to take any action at all …
Dan Goodin, 31 Jul 2009

Meter insecurity raises specter of free parking hacks

Black Hat: Hackers have figured out a way to trick San Francisco's computerized parking meter system into giving away unlimited free parking by cloning the smart cards used to pay fees. Speaking at the Black Hat security conference in Las Vegas, hackers Jacob Appelbaum, Joe Grand and Chris Tarnovsky said they were able to compromise the …
Dan Goodin, 30 Jul 2009

Wildcard certificate spoofs web authentication

Black Hat: In a blow to one of the net's most widely used authentication technologies, a researcher has devised a simple way to spoof SSL certificates used to secure websites, virtual private networks, and email servers. The attack, unveiled Wednesday at the Black Hat security conference in Las Vegas, exploits a weakness in the process …
Dan Goodin, 30 Jul 2009

Security elite pwned on Black Hat eve

On the eve of the Black Hat security conference, malicious hackers posted a 29,000-line file detailing embarrassing attacks that took complete control of servers and websites run by several high-profile security researchers, including Dan Kaminsky and Kevin Mitnick. The file posted on security mailing lists claimed to have …
Dan Goodin, 29 Jul 2009

Microsoft emergency fix kills bugs in IE, Visual Studio

Microsoft issued two emergency updates on Tuesday to fix critical security bugs that leave users of Internet Explorer and an untold number of third-party applications vulnerable to remote attacks that completely commandeer their computers. Most of the vulnerabilities are located in Microsoft's ATL, or Active Template Library, …
Dan Goodin, 28 Jul 2009

New attack resurrects previously patched security bugs

Researchers may have figured out how to bypass a common technique Microsoft and other software makers have used to fix hundreds of security vulnerabilities over the past decade, according to a brief video previewing a talk scheduled for later this week at the Black Hat security conference. The video, posted here by security …
Dan Goodin, 27 Jul 2009

New attacks exploit vuln in (fully-patched) Adobe Flash

Online criminals are targeting a previously unknown vulnerability in the latest versions of Adobe's ubiquitous Flash Player that allows them to take complete control of end users' computers, security researchers warn. Although the exploit can be triggered using malicious PDF files opened by Adobe's Reader application, a more …
Dan Goodin, 22 Jul 2009

Feds suffer from 'serious' IT security talent shortage

The United States government faces a serious shortage of skilled cybersecurity specialists, according to a new report, which estimates the country may need an 8-fold increase in the number of nationally sponsored graduates with security degrees. The federal government currently runs a scholarship program that turns out about 120 …
Dan Goodin, 22 Jul 2009

Adobe spanked for insecure Reader app

Adobe Systems has been taken to task for offering outdated software on its downloads page that contains dozens of security vulnerabilities, several of which are already being exploited in the wild to install harmful malware on users' machines. Visitors who obtain Adobe Reader from the company's official downloads page will …
Dan Goodin, 22 Jul 2009

Open-source firmware vuln exposes wireless routers

A hacker has discovered a critical vulnerability in open-source firmware available for wireless routers made by Linksys and other manufacturers that allows attackers to remotely penetrate the device and take full control of it. The remote root vulnerability affects the most recent version of DD-WRT, a piece of firmware many …
Dan Goodin, 21 Jul 2009

Mac OS X gets rootkit coding manual

Over the past decade, the world has seen advances in rootkits running on Windows and Unix operating systems that few would have thought possible. Now, it's Mac OS X's turn, as a security researcher plans to share a variety of techniques for developing the ultra-stealthy programs for the Apple platform. At a talk titled …
Dan Goodin, 20 Jul 2009


Biting the hand that feeds IT © 1998–2018