vulnerabilities

The web service for secure password storage, LastPass, asks users to change their passwords ASAP.

The primary issue here is the real cost of free offers. Hola’s stance is almost honest: You want free services? You have something that is of use to us – your idle or not-so-idle resources. If you don’t want them to be used by us, there is a paid tier for you.

Much has been said about the VENOM vulnerability, which is part of the new-age phenomena of Virtualization.

In this talk security podcast, Chris Brook and Brian Donohue discuss the upcoming Security Analyst Summit, Flash zero days, the Ghost vulnerability and the Anthem breach

In this Talk Security podcast, Threatpost’s Chris Brook and Brian Donohue discuss the move to encrypt the Web, the Regin APT campaign and more.

Microsoft has patched yet another bug in OLE, this time one that’s 19-years-old. While it is extremely surprising this bug hadn’t been discovered earlier, the crucial question here is the use of the underreviewed legacy code that developers have to drag along for decades.

Yesterday, researchers disclosed a powerful iOS vulnerability that is responsible for the WireLurker Apple malware.

Vulnerabilities vary. Some are considered critical, some – less problematic; their severity is determined by a few well-known factors such as ease of exploitability and popularity of software. But, no matter their differences they all require serious attention at a constant level, so that when the next Shellshock-like incident occurs, it won’t take cybersecurity world by surprise.

The Bash vulnerability affecting Unix, Linux and OS X systems is the latest Internet-wide bug to emerge, and a number of experts are saying it’s more dangerous than OpenSSL Heartbleed.

Your data is the finest treasure on your computer. Protect it the way the secret service protects a president, create a robust defense system where an antivirus will be just the last line of defense.

Can we beat software vulnerabilities? It is not possible to do so completely, but there are ways to mend the issue.

The story of a researcher who wanted to see how vulnerable he actually was.

Windows XP’s longevity is fascinating – and terrifying from the security point of view. The latest survey shows it’s still around – over 16% of KSN users still use Windows XP, but it is also clear that its epoch is near the end.

Unpatched flaws in Android make your device vulnerable to “Invisible” infection. You better find out now in order to protect yourself.

Four years after the discovery of the Stuxnet worm, the primary vulnerability it had been exploiting is still around. This is mainly the problem of poorly maintained Windows XP PCs and servers, most likely inhabited by worms. In the interconnected world a neglected PC or a server is a possible problem for many people.

Car hacking is back and Charlie Miller and Chris Valasek no longer have to plug their computers into the cars to make them do their bidding.

Making a case for password reuse, Google hiring hackers to fix the Internet, Apple bolsters security across its services with strong Crypto, plus various fixes and more.

New analysis pinpoints some weaknesses in a new generation of cars with online capabilities. If exploited, this may result in car theft and other problems.

This week: the first mobile malware turns 10; we check in on Android security news and recent data breaches; and we fill you in on the week’s patches.

A serious elevation-of-privileges vulnerability had been discovered in Linux in late April. Bugs like this are especially problematic for businesses, and require a prompt reaction.

A serious cross site scripting vulnerability was discovered in the popular Twitter application TweetDeck today. Users should revoke access to that app on Twitter as soon as possible.