News & Features
The cross-site scripting filter of Microsoft's browser reportedly contains vulnerabilities that allow the very cross-site scripting attacks it is meant to prevent
Due to a DNSSEC-related error, attackers can inject faked entries into a name server's cache. As a result the server resolves specific domains to incorrect IP addresses
User-generated PDF documents can potentially disclose information the author might not wish to reveal. The leak is caused by a flaw in Internet Explorer
VMware has advised of a total of 93 vulnerabilities in several of its products, including ESX Server, Server, VirtualCenter and vCenter.
The previous version of Opera was affected by a flaw that can be exploited to compromise systems and that has been known for six months. The KDE libraries are also said to be vulnerable
A new version of the worm infecting insecure jailbroken iPhones resets the password
A few lines of HTML code, posted anonymously under the heading "IE7" on a security list, turn out to be a previously unknown security problem in the Microsoft browser
Security experts have found security problems in several popular Firefox extensions. They warn that using add-ons can impact the security of the entire system
Cisco has released a free iPhone application that allows users to receive customised alerts on real-time security threats, new signatures and other information
The PHP developers have released the first maintenance update to the 5.3 branch of their programming language, which now includes anti-DoS measures and sanity checks on EXIF
The 9.1.0.0 version of the Serv-U FTP Server for Windows closes two critical vulnerabilities which allow an attacker's code to infiltrate the system or restart it
The American National Security Agency also helped configure the system security of Windows 7 during the operating system's development
Spyware for Android, understanding botnet protocols, Top 10 vulnerabilities in web applications, Bruce Schneier action figure
Fedora 12 has changed its security policy to allow unprivileged users to install software without requiring the root password
Google's search engine reportedly plays an important role in the attack, pointing users to compromised web pages when certain search terms are entered. More than 200,000 web pages appear to have been affected
Extensions to the browser will no longer be able to silently install themselves in Firefox 3.6's component directory. The Mozilla developers say the directory lockdown will increase the browser's stability
A plug-in for disassembler IDA Pro uses Google searches to make machine code functions comprehensible to the uninitiated. It can save time for security specialists analysing malware code
Nearly one year after the release of Metasploit 3.2, the Metasploit Project developers have announced the availability of version 3.3 of the Metasploit Framework
Only four per cent of the security products tested by independent tester ICSA Labs are certified the first time out. Many products even fail to fulfil their core functionality
Security service provider Secunia has discovered a critical vulnerability in the Wikipedia Toolbar extension for Firefox that can be exploited by an attacker to compromise a victim's system
The vulnerability in the design of the SSL/TLS protocol revealed earlier this month can apparently be used for practical attacks after all, such as stealing Twitter login data
Microsoft is investigating a DoS vulnerability that can be exploited to cripple systems running Windows 7 or Windows Server 2008 R2. According to the vendor, however, no active attacks have been registered so far
A hole in the upload routine for blog post attachments allows PHP files to be disguised, for example, as images. Attackers can exploit the hole to execute arbitrary code. However, not all server configurations are affected
A vulnerability in the free image editing tool GIMP (GNU Image Manipulation Program) can reportedly be exploited to compromise a user's system
Microsoft has been granted a patent on a privilege escalation system which appears to cover the functionality of PolicyKit, used for fine-grained authorisation on Ubuntu, Fedora, openSUSE and other Linux systems