Security News

Ubuntu Patches Privilege-Escalation Bug (Threatpost)
2015-06-22 14:16

There is a privilege-escalation vulnerability in several versions of Ubuntu that results from the fact that the operating system fails to check permissions when users are creating files in some...

Trio of Vulnerabilities Patched in Magento Web App (Threatpost)
2015-06-19 18:44

A trio of vulnerabilities were recently patched in eBay’s Magento e-commerce web application that could have let attackers carry out a handful of exploits.

Threatpost News Wrap, June 19, 2015 (Threatpost)
2015-06-19 13:56

Dennis Fisher and Mike Mimoso discuss the brutal House Oversight Committee hearing on the OPM breach, the Navy soliciting zero days, the LastPass breach, and the Cardinals-Astros hacking story.

Static Encryption Key Found in SAP HANA Database (Threatpost)
2015-06-19 13:00

Researchers from ERPScan said SAP’s HANA in-memory database contains a default static encryption key.

Major Carriers AT&T, Verizon Continue to Lag in EFF Privacy Report (Threatpost)
2015-06-18 17:38

Major telecoms like AT&T and Verizon continue to lag behind in the Electronic Frontier Foundation’s annual “Who Has Your Back” report.

Reddit to Move to HTTPS-Only (Threatpost)
2015-06-18 16:18

In the two years since the details of the NSA’s deep penetration of the Internet infrastructure began to emerge, there has been a major movement afoot among Web companies to encrypt more and more...

Drupal Fixes Critical OpenID Bug (Threatpost)
2015-06-18 13:22

Drupal has patched several vulnerabilities in versions 6 and 7 of the content-management system, including a critical bug that enables an attacker to hijack administrators’ accounts and take...

Of Non-Nexus Devices and the Android Security Rewards Program (Threatpost)
2015-06-18 12:22

Google's decision to limit its Android Security Rewards program to Nexus devices could have security consequences for non-Nexus device users.

‘XARA’ Password Stealing Vulnerabilities Outlined in iOS, OSX (Threatpost)
2015-06-17 19:07

A group of researchers claim that they found a handful of vulnerabilities in both Apple’s OS X and iOS, and cracked the Keychain service that the company uses for apps and sandboxes on OS X.

LinkedIn Goes Public with Its Private Bug Bounty (Threatpost)
2015-06-17 17:00

LinkedIn today announced that since October it has been running a private bug bounty, and to date has patched 65 bugs and paid out $65,000 in rewards.