Security News

Cisco Talos security researchers have discovered a code execution vulnerability in National Instruments’ LabVIEW system design and development platform. The LabVIEW engineering software is used in...

This month's Microsoft patch updates include one particular vulnerability that is raising concerns: CVE-2017-8620, which affects all versions of Windows from 7 onwards. Microsoft explained, "in an...

There is an unpatchable vulnerability that affects most modern cars. It's buried in the Controller Area Network (CAN): Researchers say this flaw is not a vulnerability in the classic meaning of...

An update released by VMware for its NSX-V network virtualization solution patches an important denial-of-service (DoS) vulnerability. The security hole, tracked as CVE-2017-4920, exists in the...

A CSRF flaw that made it possible for attackers to access court documents on the PACER system while making legitimate users pay for it has finally been plugged. What is PACER? PACER is an...

Microsoft patched 25 critical vulnerabilities, including a remote code execution bug in Windows Search.

Instituting a vulnerability disclosure program (aka bug bounty program) that won’t blow up in the organization’s face can be a daunting task. Some will prefer to enlist outside experts to advise...

The U.S. Department of Justice (DOJ) Criminal Division’s Cybersecurity Unit has created a framework designed to help organizations develop formal vulnerability disclosure programs. read more

The United States Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an alert on Friday to warn relevant industries about a vulnerability affecting the Controller Area...

New paper: "Taking Stock: Estimating Vulnerability Rediscovery," by Trey Herr, Bruce Schneier, and Christopher Morris: Abstract: How often do multiple, independent, parties discover the same...