Apple released patches the other day, in iOS release 8.4, to fix a family of security flaws called Masque. Researchers then came up with a new variant of the flaw that the patch doesn’t fix. Apple had fixed earlier variants of the Masque attack in iOS 8.1.3. Anyone see a theme here? Unfortunately, […]
According to Veracode, the government isn’t very good at fixing software flaws. In fact, of 7 vertical segments, it ranks last. The financial and manufacturing sectors do best at fixing vulnerabilities. Healthcare organizations don’t do well and cloud vendors (SaaS) fail the OWASP Top 10 almost 75% of the time. Given this, it is not […]
Another day, another software supply chain exploit. This time, ZyXEL and D-Link have confirmed that their routers have the bug, but researchers think products from Netgear, TP-Link, Trendnet and other vendors are vulnerable. Already 90-plus products from more than 20 vendors have been identified as potentially vulnerable. Only TP-Link has announced a patch. The […]
Following up on yesterday’s post on the time to detect hackers inside your systems, a new report today says that about half of the web sites of Retail and Healthcare businesses are always vulnerable, mostly because of slow remediation rates. WhiteHat Security’s report (see article) says that 47% of applications tested had cross-site scripting […]
Microsoft just patched a bug this month (see article) that potentially allows a hacker to take over your computer and for sure allows a hacker to crash it, repeatedly, all because they forgot to check for a carry overflow in an addition operation. It potentially affects 70 million web sites and is being […]
For those of you who read the security news, you know that these last 12 months have brought an amazing number of SSL bugs to the surface (see a few of my blog posts here and here and here). Now iPhone and iPad users have their turn to deal with an SSL bug. The bug, […]