Recently discovered vulnerabilities are being used by the Russian APT28 group to spy on government targets and steal politically sensitive data.
Showing results 1 to 20 of 827
The latest Firefox browser update has created a web encryption security hole for hackers to exploit.
The compromised website is redirecting all traffic to a Nuclear Exploit Kit targeting vulnerabilities in Adobe Flash, Oracle Java and Microsoft Silverlight software.
The figures are from the Microsoft Vulnerabilities Report by UK-based security firm Avecto, in which the company pulled data from every Patch Tuesday issued by Microsoft in 2014.
In this month's Patch Tuesday, Microsoft is serving up a dozen security-related updates for Windows, including two fixes for vulnerabilities that have been publicly disclosed. In addition to five Critical security updates, today's list includes fixes for the cross-platform FREAK flaw.
Redmond has said that the FREAK security flaw is found in versions of its Windows operating system from Windows Server 2003, Windows Vista, and higher.
An HP report highlights how the bulk of exploits in 2014 revolved around vulnerabilities that were discovered before 2013.
This month's Patch Tuesday release includes three updates rated Critical, including a massive security update that fixes more than 40 flaws in Internet Explorer. A recently disclosed XSS vulnerability remains unpatched, however, and one Windows Server 2003 bug won't be fixed.
Google's security team has disclosed three separate zero-day vulnerabilities on Apple's OS X platform. It seems annoying Microsoft wasn't enough.
Adobe patches nine vulnerabilities -- four of which are considered "critical" -- in order to protect against hackers who could exploit the bug to take control of an affected system.
A privilege escalation bug being exploited in the wild could turn a normal user into a domain administrator.
UPDATED. I ran the numbers and vulnerabilities in browsers are up this year, as is their severity. We know more about this for Internet Explorer because Microsoft provides the most data.
The latest vector for exploits of the Shellshock bug in the Bash shell is SMTP, where the mail headers themselves trigger the exploit.
iSight says the "Sandworm" team has targeted NATO, the European Union, Ukraine and industry through a previously unrecognized Windows zero-day exploit.
Despite their ages, the crimes are serious: breaking into both the US Army and Microsoft's servers to steal everything from unreleased games to military software.
Many severe vulnerabilities are fixed in the new version and remain in iOS 7.1.
On Tuesday, about the time that Microsoft issues its Patch Tuesday Windows updates, Adobe will release new versions of Reader and Acrobat.
Apple has patched an exploit with its Find My iPhone online service that may have been used by hackers to gain access to personal photos stored on iCloud accounts belonging to some 100 celebrities.
Another system on the network could take root privileges on a vulnerable Samba client or server.
A flaw in many of the company's cable modems and residential gateways could allow a remote attacker to take control of the device.
The best of ZDNet, delivered
- 1 Perfectly legal ways you can still get Windows 7 cheap (or even free)
- 2 34 ways to improve your iPhone's battery life
- 3 How much does an iPhone 6 really cost? (Hint: It's way more than $199)
- 4 So you have an app idea and want to make a bajillion bucks
- 5 ZDNet Cloud TV: Impact of cloud on HR (highlights)