A cross-site scripting flaw was disclosed this morning affecting the popular Twitter application Tweetdeck. It has now been fixed, but not before it wormed its way through thousands of browsers.
Tag Archives: Vulnerability
Patch Tuesday wrap-up, June 2014 – both Adobe and Microsoft close “remotable” holes
Microsoft fixed 59 vulnerabilities in Internet Explorer alone this month. Is that worryingly bad, or pleasingly good? Paul Ducklin investigates what actually came down the chute in the June 2014 Patch Tuesday…
14-year-olds find manual online, hack an ATM during their school lunch hour
The bank didn’t believe the kids – who are both commendable white hats! – until they presented documents showing things like how much cash was in the machine.
Patch Tuesday for June 2014 – 7 bulletins, 3 RCEs, 2 critical, and 1 funky sort of hole
You’ll be patching and rebooting everything this month. Paul Ducklin gives you a brief overview to help you prepare. He also explains some vulnerability terminology you might not have heard before…
Mobile malware, Gameover, CryptoLocker, and SSL/TLS holes – 60 Sec Security [VIDEO]
How long has mobile malware been around? Is it really game over for Gameover and CryptoLocker? Which cryptographic security libraries need patching? It’ll only take a minute to find out…
Latest OpenSSL flaws can lead to information leakage, code execution and DoS
Only two months after the Heartbleed vulnerability in OpenSSL captured global headlines we have another critical update for OpenSSL fixing 6 new flaws.
Move over Heartbleed – here comes another SSL/TLS bug
Which widely used open source SSL/TLS cryptographic library just recently fixed a critical bug caused by a buffer overflow? (Hint. The software isn’t OpenSSL and the vulnerability isn’t Heartbleed.)
From Cabir to Koler – 10 years of Mobile Malware
It’s 10 years since June 2004, when the first mobile malware appeared. We don’t want to *celebrate* this anniversary, you understand, but we thought we’d look back to see what we can learn…
Apple Safari 7.0.4 closes 22 holes, including 21 listed under “arbitrary code execution”
Apple just pushed out another Safari update, bumping OS X’s native browser to version 7.0.4. Paul Ducklin found himself thinking, “Is it just me, or has Cupertino bumped up the frequency of Safari patches lately?”
SSCC 148 – Cloud privacy policies not related to data security [PODCAST]
The Chet Chat comes to you this week from Hanoi, Vietnam with special guest Sean Richmond from Sophos Australia. Chet and Sean continue the tradition of working through the details to paint you a clearer picture. This week they tackle the FBI’s crackdown on the Blackshades malware, new research showing more flaws in Chip & PIN technology, the latest Apple updates including an iTunes oops and an analysis of the EFF’s “Who has got your back” report.
