vulnerabilities

About eight out of every 10 Web browsers run by consumers are vulnerable to attack by exploits of already-patched bugs, says a security expert.

DON'T shortchange remediation. Surprisingly, organizations will perform vulnerability scans, or hire someone to conduct a scan, get a report and then not follow through. They may cherry-pick one or two critical items and neglect the rest. The result is that the organization has spent time and money without doing much for its security.

Facebook has quietly fixed a vulnerability discovered recently by two student researchers that allowed malicious websites to access a Facebook user's private data without permission and post malicious links onto their profile.

Microsoft will likely issue an emergency kit to an unpatched IE flaw after it was added to the Eleonore crimeware kit.

The Titanic was thought to be unsinkable, a testament to the engineering prowess of its day and the fact that luxury liners rarely collided with massive icebergs.

The more apps companies deploy, the more complicated vulnerability management becomes. In the rush to find every security hole and seal it off from potential hackers, it's easy to let something important slip through. That's especially true if you're an IT administrator juggling several tasks of which security is one.

The disclosure of a new exploit technique that bypasses an important Windows security feature may lead to more successful attacks against Microsoft's newer operating systems, researchers said today.

In the security business we spend a lot of time worrying about the "zero-day" threat that appears out of nowhere and immediately starts attacking a hereto unknown vulnerability. We worry so much that we overlook the vulnerabilities we already know about. The ones that have been hanging around on our systems, known but unaddressed, unpatched and wide open.

The Black Hat security conference is full of drama again in Amsterdam with the last-minute cancellation of a presentation.

Researchers at IOActive say malicious code could propagate on next generation power meter devices.

The software vulnerabilities listed in Bit9's so-called 'Dirty Dozen' don't swoop in wearing a mask and brandishing a gun. They come in surreptitiously hidden in the coattails of popular applications.

Now something completely unrelated to VoIP: Reason behind all vulnerabilities in software! I read an article that explained how vulnerabilities are basically created by the fact that people tend to drift from good development principles into practices that are just simply Fun. The engineers among us know that software development can be enormously interesting, something you would happily even do in your leisure time. But can fun be converted into reliable software?