Security Week 40: the ‘not-really-a-vulnerability’ in WinRAR, an ancient bug in Firefox, and the oops!-update by Microsoft
What is the difference between real and theoretical threats?
Today’s weekly news digest covers stories about various coding mistakes and how they can be used for different purposes, including earning money.
Cyber-literate users possess a variety of good habits that protect them online and offline. What are these traits?
Today’s weekly news digest covers three stories about the mistakes coders make when programming robots, the way other people exploit those design flaws, and then the reckoning.
Routers are again becoming a source of cyberthreats as a new batch of security vulnerabilities in UPnP was publicized earlier this month.
Kaspersky Security Center 10, Kaspersky Lab’s unified management console, makes it easier to manage and secure all your endpoints – including physical, virtual and mobile devices.
Information security digest: the greatest iOS theft, farewell to RC4 cipher, multiple vulnerabilities in routers
Infosec digest: the Neutrino exploit kit in WordPress, yet another GitHub DDoS, Wyndham responsible for breach, while Target is not.
One can find a number of reasons why this very bug cannot be patched right now, or this quarter, or, like, ever. Yet, the problem has to be solved.
The three most important recent news stories, with extensive commentary and trolling: the nasty Android Stagefright vulnerability, new car hacks, and the Do Not Track 2.0 privacy initiative.
Researchers compete to find security holes in the infotainment systems of connected cars and break in. The new case proves that Tesla cares a lot about security at the wheel.
Recently we wrote about the Jeep Cherokee hack incident. At Black Hat, security researchers Charlie Miller and Chris Valasek finally explained exactly how the now-famous Jeep hack happened.
Apple patched a serious issue in its App Store and iTunes Store, which could have undermined many of the businesses working in this ecosystem.
If it is not possible to get rid of risky software for some reason, it is better to operate in a “presumption of guilt” mode, with an efficient security solution keeping it in check and preventing exploits from carrying out successful attacks, targeted ones included.
Taking over a Jeep Cherokee driving at 70 mph on a remote highway is quite real.
The web service for secure password storage, LastPass, asks users to change their passwords ASAP.
The primary issue here is the real cost of free offers. Hola’s stance is almost honest: You want free services? You have something that is of use to us – your idle or not-so-idle resources. If you don’t want them to be used by us, there is a paid tier for you.
Much has been said about the VENOM vulnerability, which is part of the new-age phenomenon of virtualization.
In this Talk Security podcast, Chris Brook and Brian Donohue discuss the upcoming Security Analyst Summit, Flash zero days, the Ghost vulnerability, and the Anthem breach.
In this Talk Security podcast, Threatpost’s Chris Brook and Brian Donohue discuss the move to encrypt the Web, the Regin APT campaign and more.
Microsoft has patched yet another bug in OLE, this time one that’s 19 years old. While it is extremely surprising this bug hadn’t been discovered earlier, the crucial question here is the use of under-reviewed legacy code that developers have to drag along for decades.