The update mechanism of the popular Drupal content management system is insecure in several ways, allowing attackers to trick administrators into installing malicious updates.
Stories by Lucian Constantin
Researchers from the INRIA institute in France have devised several attacks which prove that the continued support for MD5 in cryptographic protocols is much more dangerous than previously believed.
Researchers found a flaw that allows them to decrypt files affected by a new version of Linux.Encoder, a file-encrypting ransomware program that infects Linux Web servers.
Exploit acquisition firm Zerodium is offering up to $100,000 for exploits that bypass Flash Player's latest heap isolation protection.
Google has fixed a new batch of vulnerabilities in Android that could allow hackers to take over devices remotely or through malicious applications.
A cyberespionage group focused on companies and organizations from the energy sector has recently updated its arsenal with a destructive data-wiping component and a backdoored SSH server.
Many payment terminals in Germany - and in other countries too -- were designed without following best security principles, making them vulnerable to attacks that could result in mass fraud against both customers and merchants.
Juniper was using a known flawed random number generator as the foundation for cryptographic operations in NetScreen's ScreenOS and the safeguards it put in place were ineffective.
Google is considering banning certificates signed with the SHA-1 hashing function in Google Chrome starting Jul. 1.
The administrative access issue only affects ScreenOS 6.3.0r17 through 6.3.0r20, while the VPN decryption issue affects ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.
Tens of thousands of secure websites might start to display certificate errors to their visitors in January, when Microsoft plans to stop trusting 20 certificate authorities (CAs) from around the world.
The Microsoft SmartScreen filtering technology built into Internet Explorer and Edge has now been updated to block Web-based attacks that silently exploit software vulnerabilities to infect computers.
Pressing the backspace key 28 times can bypass the Grub2 bootloader's password protection and allow a hacker to install malware on a locked-down Linux system.
There are at least 35,000 publicly accessible and insecure MongoDB databases on the Internet, exposing 684.8 TB of data to potential theft.
Over the past two weeks security researchers have seen a surge in attacks using a file-encrypting ransomware program called TeslaCrypt that's known for targeting gamers in the past.
- System Engineer - Adelaide WA
- Network Security Engineer - Cisco ISE VIC
- Checkpoint Firewall and VPN NSW
- Junior Business Process Analyst Perm North Sydney NSW
- Snr SOC Security Coordinator - Perm - North Ryde area NSW
- Level 3 Engineer NSW
- Telco Program Manager VIC
- Technical Consultant/Systems Analyst QLD
- TSM Specialist NSW
- Capacity and Performance Analyst - Mainframe - Z Systems VIC
- WIN a HTC Vive Kit valued at $1399, take this 3 minute survey for your chance to WIN!
- Participate in this market research and go into the draw to win a Lego Death Star, (valued at $999).
- Answer 5 quick questions and you could win a Lego Mindstorm EV3, (valued at $499).
- 6 cities | 20 exhibitors | International & local keynotes | Hear from Mark Loveless 'Simple Nomad' & Jeff Lanza Former FBI - Save your seat at CSO Perspectives Roadshow