Security News

OpenSSL Preparing Updates to Patch High Severity Vulnerability (SecurityWeek)
2015-07-06 23:22

Chrome address spoofing vulnerability proof-of-concept for HTTPS (Reddit)
2015-07-02 17:34

Pinterest Fixes Validation Vulnerability in API (Threatpost)
2015-07-01 16:41

Pinterest recently fixed an issue in the API of its web app that could have allowed remote attackers to compromise emails and carry out session hijacking and phishing attacks.

Patched Apple QuickTime Vulnerability Details Disclosed (Threatpost)
2015-07-01 14:09

Researchers at Cisco Talos released details on a use-after-free vulnerability in Apple QuickTime that could lead to remote code execution.

Vulnerability Forces OPM to Pull Background Check System Offline (Threatpost)
2015-06-30 19:11

The Office of Personnel Management announced yesterday that it is temporarily suspending the system it uses to conduct government background checks.

Why vulnerability disclosure shouldn’t be a marketing tool (Help Net Security)
2015-06-30 07:28

There have been many arguments within the security community on how researchers should disclose the existence of a security vulnerability. Some argue that full disclosure is the best approach as it ma...

TCP Vulnerability Haunts Wind River VxWorks Embedded OS (Threatpost)
2015-06-23 14:47

There is a TCP prediction vulnerability in Wind River’s widely deployed VxWorks embedded software that can enable an attacker to disrupt or spoof the TCP connections to and from target devices....

RubyGems Patches Serious Redirection Vulnerability (Threatpost)
2015-06-23 13:55

RubyGems maintainers patched a vulnerability, reported by Trustwave and OpenDNS, that allows RubyGem clients to be redirected to an attacker-controlled gem server.

SSRF/XSPA (Web Application Vulnerability) CTF Write up- Garage4Hackers (Reddit)
2015-06-23 07:14

Google extends vulnerability bounties to Android; offers up to $30,000 (ArsTechnica)
2015-06-16 22:11