Description
Vulnerability Management

Overview
Vulnerability Management is the ongoing process of detecting, analyzing and remediating vulnerabilities on systems, devices, networks and applications. It also includes assessing the likelihood that a vulnerability will be exploited by external and internal threats, and the resulting impact on the organization.

Guidelines
A Vulnerability Management program should start by developing the organization's Vulnerability and Patch Management policy, which defines the desired security state of the environment (e.g. critical patches must be applied, insecure protocols disabled on systems, applications securely developed). Standards should then be developed that include a "baseline" of more detailed configuration or application settings defining the desired state of platforms to meet security policies. Baselines should leverage industry security guidelines (e.g. NIST, PCI, DISA-STIG) as much as possible.

Once the policy and standard baseline are established, formal vulnerability scanning and penetration testing must be performed periodically to adequately assess and mitigate vulnerabilities on the network.

A Vulnerability Scanning process should include, at minimum:
  • The scanning tool/solution used for detecting vulnerabilities
  • The frequency of scans (e.g. OS and application vulnerabilities should be scanned periodically or before new systems or applications are introduced to production; the recommendation is at least every 30 days for smaller organizations, or every 7 days for best results and larger organizations)
  • The patch and/or configuration management tool/solution used to automate patching and configuration of systems that deviate from standards
  • The number of days allowed for remediation after vulnerabilities are detected, established using a risk-based approach (e.g. higher risk assets and vulnerabilities should be remediated sooner than lower risk assets and vulnerabilities)

Some organizations may choose to split scanning into two separate processes to help prioritize remediation efforts. For example, a vulnerability scan can be run more often to ensure high risk vulnerabilities are remediated soon after detection (e.g. critical patches, which software vendors typically release every month). A separate configuration management scan can also be run to detect deviations from an established baseline (e.g. a Windows or UNIX OS standard). More critical deviations can then be mitigated proactively, before they expose gaps that lead to policy violations or data loss. Configuration scans generally have a higher system performance impact (due to the number of baseline settings to check), so they should be scheduled carefully to maximize availability.

Remediation efforts should also be done in phases to ensure availability of the environment. For example, organizations should first test patches in a development environment before production to ensure a patch will not disrupt a critical customer-facing or production system. It is also important that development systems closely match production in system and application configuration, so that results after patch deployment are similar. Schedules should be pre-planned (e.g. every month) with business system owners so that patch testing can be performed routinely and prioritized. Patches should also be applied to production systems in phases. For instance, apply patches to primary systems on a separate day from backup systems, so that applications can be failed over to known good systems if a patch causes an outage.

Finally, organizations should analyze threats on an ongoing basis to help determine the risk posed to the organization and its systems. New vulnerabilities should be analyzed and remediated based on severity. Patches should be thoroughly tested and certified in a timely manner after public release so that remediation is swift.


Topic Category
Vulnerability Management
 
News Articles
Ex-CEO on TalkTalk mega breach: It woz 'old shed' legacy tech wot done it | www.theregister.co.uk | 6/5/2018
Researchers Warn of Microsoft Zero-Day RCE Bug | threatpost.com | 6/1/2018
Half a million pacemakers need a security patch | nakedsecurity.sophos.com | 5/4/2018
Hackers built a 'master key' for millions of hotel rooms | www.zdnet.com | 4/25/2018
Single single-sign-on SNAFU threatens three Cisco products | www.theregister.co.uk | 4/23/2018
Researchers find critical flaws in SecurEnvoy SecurMail, patch now! | www.helpnetsecurity.com | 3/13/2018
AMD Investigating Reports of 13 Critical Vulnerabilities Found in Ryzen, EPYC Chips | threatpost.com | 3/13/2018
Intel didn't tell CERTS, govs, about Meltdown and Spectre because they couldn't help fix it | www.theregister.co.uk | 2/23/2018
Intel Issues Updated Spectre Firmware Fixes For Newer Processors | threatpost.com | 2/21/2018
Dell EMC plugs critical bugs in VMAX enterprise storage offerings | www.helpnetsecurity.com | 2/16/2018
Zero-day vulnerability in Telegram | securelist.com | 2/13/2018
NameCheap to Notify Customers of Misconfiguration Issue that Allowed Subdomain Creation on Any Hosted Account | www.tripwire.com | 2/7/2018
Mission-critical system alert: 40-year-old OpenVMS hit by exploitable bug | www.zdnet.com | 2/7/2018
AMD vs Spectre: Our new Zen 2 chips will be protected, says CEO | www.zdnet.com | 1/31/2018
Intel alerted Chinese cloud giants 'before US govt' about CPU bugs | www.theregister.co.uk | 1/29/2018
Microsoft releases emergency Windows update to hamstring earlier 'Spectre' defense | www.computerworld.com | 1/29/2018
Microsoft, Intel Share Data on Performance Impact of CPU Flaw Patches | www.securityweek.com | 1/10/2018
Windows Meltdown and Spectre patches: Now Microsoft blocks security updates for some AMD based PCs | www.zdnet.com | 1/9/2018
IBM melts down fixing Meltdown as processes and patches stutter | www.theregister.co.uk | 1/8/2018
Kernel-memory-leaking Intel processor design flaw forces Linux, Windows redesign | www.theregister.co.uk | 1/2/2018
Android vulnerability allows attackers to modify apps without affecting their signatures | www.helpnetsecurity.com | 12/11/2017
Dormant Keylogger Functionality Found in HP Laptops | www.securityweek.com | 12/11/2017
Next-gen telco protocol Diameter has last-gen security – researchers | www.theregister.co.uk | 12/8/2017
Android Flaw Allows Attackers to Poison Signed Apps with Malicious Code | threatpost.com | 12/8/2017
Banking Apps Found Vulnerable to MITM Attacks | threatpost.com | 12/7/2017
Just one day after its release, iOS 11.1 hacked by security researchers | www.zdnet.com | 11/2/2017
Critical flaws in maritime comms system could endanger entire ships | www.helpnetsecurity.com | 10/26/2017
Key Reinstallation Attacks | www.krackattacks.com | 10/16/2017
Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold | www.theregister.co.uk | 10/6/2017
Sole Equifax security worker at fault for failed patch, says former CEO | www.theregister.co.uk | 10/4/2017
Netgear Fixes 50 Vulnerabilities in Routers, Switches, NAS Devices | threatpost.com | 10/2/2017
Behind the Masq: Yet more DNS, and DHCP, vulnerabilities | security.googleblog.com | 10/2/2017
Researcher discloses 10 D-Link zero-day router flaws | www.zdnet.com | 9/11/2017
Hackable flaw in connected cars is ‘unpatchable’, warn researchers | nakedsecurity.sophos.com | 8/25/2017
Zerodium Offers $500K for Secure Messaging App Zero Days | threatpost.com | 8/24/2017
Fuze Patches TPN Handset Vulnerabilities | threatpost.com | 8/22/2017
Couple Arrested for Exploiting Lowe’s Website Flaw to Steal Merchandise | www.tripwire.com | 8/21/2017
Ransomware Strikes Kiosks at South Korean LG Service Centers | www.tripwire.com | 8/17/2017
Drone-maker DJI's Go app contains naughty Javascript hot-patching framework | www.theregister.co.uk | 8/15/2017
'Cyber vulnerabilities' prompt US Army to ban 'all use' of DJI drones | www.theregister.co.uk | 8/4/2017
Two Popular IP Cameras Riddled With Vulnerabilities | threatpost.com | 8/3/2017
The $10 Hardware Hack the Wrecks IOT Security | www.wired.com | 7/29/2017
Adobe will kill Flash by 2020: No more updates, support, tears, pain... | www.theregister.co.uk | 7/27/2017
Tor Project Opens Bounty Program To All Researchers | threatpost.com | 7/20/2017
Thieves find a new way to hack and steal Teslas | www.scmagazine.com | 7/19/2017
Windows, Linux distros, macOS pay for Kerberos 21-year-old 'cryptographic sin' | www.zdnet.com | 7/14/2017
Hacker Took Over Dark Web Hosting Provider by Exploiting “Major Security Vulnerability” | www.tripwire.com | 7/12/2017
Hackers are using this new attack method to target power companies | www.zdnet.com | 7/10/2017
How the CopyCat malware infected Android devices around the world | blog.checkpoint.com | 7/6/2017
Virgin Media tells 800,000 customers to change passwords after routers found vulnerable to hackers | www.zdnet.com | 6/23/2017
Microsoft extends the Microsoft Edge Bounty Program | www.helpnetsecurity.com | 6/22/2017
The Microsoft security hole at the heart of Russian election hacking | www.computerworld.com | 6/20/2017
The Stack Clash | blog.qualys.com | 6/19/2017
Microsoft Master File Table bug exploited to BSOD Windows 7, 8.1 | www.theregister.co.uk | 5/29/2017
Sixth-grader weaponizes smart teddy bear, hacks security audience's Bluetooth | www.networkworld.com | 5/17/2017
WordPress announces bug bounty program | www.helpnetsecurity.com | 5/17/2017
Cryptocurrency miner Adylkuzz attack could be bigger than WannaCry | www.scmagazine.com | 5/16/2017
Shadow Brokers boasts of more Windows exploits and cyberespionage data | www.computerworld.com | 5/16/2017
Millions and millions of computers still run Windows XP. And they’re all in big trouble | www.wired.com | 5/14/2017
HP pushes out fix for keylogging audio driver in its laptops | www.helpnetsecurity.com | 5/12/2017
ASUS Patches RT Router Vulnerabilities | threatpost.com | 5/11/2017
Criminals are Now Exploiting SS7 Flaws to Hack Smartphone Two-Factor Authentication Systems | www.schneier.com | 5/10/2017
Cloudflare Launches Service to Protect IoT Devices | www.securityweek.com | 5/1/2017
DoD Launches "Hack the Air Force" Bug Bounty Program | www.securityweek.com | 4/27/2017
HipChat Implements Partial Password Reset Due to Security Incident | www.tripwire.com | 4/25/2017
Users tell Microsoft to scrap 'pain in butt' Security Update Guide, bring back old bulletins | www.zdnet.com | 4/25/2017
Script kiddies pwn 1000s of Windows boxes using leaked NSA hack tools | www.theregister.co.uk | 4/21/2017
Linksys Smart Wi-Fi routers full of flaws, but temporary fix is available | www.helpnetsecurity.com | 4/20/2017
Hajime worm battles Mirai for control of the Internet of Things | www.symantec.com | 4/18/2017
Microsoft confirms it's patched most of the NSA's Windows exploits | www.computerworld.com | 4/17/2017
Exploit Kit Activity Quiets, But Is Far From Silent | threatpost.com | 4/14/2017
Microsoft fixes 45 flaws, including three actively exploited vulnerabilities | www.networkworld.com | 4/12/2017
SAP closes critical vulnerability affecting TREX | www.helpnetsecurity.com | 4/12/2017
Adobe Releases Security Updates | www.us-cert.gov | 4/11/2017
Critical Office Zero-Day Exploited in Attacks | www.securityweek.com | 4/10/2017
'Amnesia' IoT botnet feasts on year-old unpatched vulnerability | www.theregister.co.uk | 4/7/2017
Cisco Releases Security Updates (mobility and wireless products) | www.us-cert.gov | 4/6/2017
Apache Struts 2 exploit allows ransomware on servers | www.computerworld.com | 4/6/2017
Flatbed scanners are latest cyberattack vector | www.networkworld.com | 4/6/2017
Total-Takeover iPhone Spyware Lurks on Android, Too | www.wired.com | 4/6/2017
Splunk Patches Information Theft and XSS Flaws | www.securityweek.com | 4/3/2017
Windows zero-day affects 600,000 older servers, but likely won't be patched | www.zdnet.com | 3/30/2017
VMware Patches Flaws Disclosed at Pwn2Own | www.securityweek.com | 3/29/2017
Ransom scam exploits Apple iOS Safari flaw to target porn viewers | www.zdnet.com | 3/28/2017
Apple Releases Multiple Security Updates | www.us-cert.gov | 3/27/2017
Apple Updates iTunes to Patch SQLite, Expat Flaws | www.securityweek.com | 3/27/2017
Malware That Targets Both Microsoft, Apple Operating Systems Found | threatpost.com | 3/23/2017
Java and Flash top list of most outdated programs on users’ PCs | www.helpnetsecurity.com | 3/23/2017
LastPass fixes serious password leak flaws | www.computerworld.com | 3/22/2017
Cisco Releases Security Updates | www.us-cert.gov | 3/22/2017
Cisco issues critical warning after CIA WikiLeaks dump bares IOS security weakness | www.computerworld.com | 3/21/2017
Vulnerability Disclosed in Ubquiti Networks Admin Interface | www.computerworld.com | 3/17/2017
Intel Launches Its First-Ever Bug Bounty Program | www.tripwire.com | 3/17/2017
Cisco security advisory dump finds 20 warnings, 2 critical | www.networkworld.com | 3/16/2017
D-Link DIR-130 and DIR-330 routers vulnerable | www.scmagazine.com | 3/16/2017
Another Old Flaw Patched in Linux Kernel | www.securityweek.com | 3/16/2017
Malicious uploads allowed hijacking of WhatsApp and Telegram accounts | www.computerworld.com | 3/15/2017
JSON Libraries Patched Against Invalid Curve Crypto Attack | threatpost.com | 3/15/2017
Adobe Releases Security Updates (APSB17-07 and APSB17-08) | www.us-cert.gov | 3/14/2017
Massive Microsoft Patch Tuesday Security Update for March | blog.qualys.com | 3/14/2017
185,000+ vulnerable Wi-Fi cameras just waiting to be hijacked | www.helpnetsecurity.com | 3/9/2017
Hackers exploit Apache Struts vulnerability to compromise corporate web servers | www.computerworld.com | 3/9/2017
Google Releases Security Update for Chrome | www.us-cert.gov | 3/9/2017
Attacks Heating Up Against Apache Struts 2 Vulnerability | threatpost.com | 3/9/2017
WordPress 4.7.3 Patches Half-Dozen Vulnerabilities | threatpost.com | 3/7/2017
Unpatched Western Digital Bugs Leave NAS Boxes Open to Attack | threatpost.com | 3/7/2017
Android gets patches for critical OpenSSL, media server and kernel driver flaws | www.computerworld.com | 3/7/2017
Leaked: Docs cataloguing CIA’s frightening hacking capabilities | www.helpnetsecurity.com | 3/7/2017
Google, Microsoft increase bug bounties | www.helpnetsecurity.com | 3/6/2017
Expanding protection for Chrome users on macOS | security.googleblog.com | 3/1/2017
WordPress Plugin With 1 Million Installs Has Critical Flaw | www.securityweek.com | 3/1/2017
Infosec white-coats: Robots are riddled with software security bugs | www.theregister.co.uk | 3/1/2017
Stuffed toys database left personal data exposed, says security expert | www.zdnet.com | 2/28/2017
RATANKBA: Delving into Large-scale Watering Holes against Enterprises | blog.trendmicro.com | 2/27/2017
Google releases details, PoC exploit code for IE, Edge flaw | www.helpnetsecurity.com | 2/27/2017
CloudFlare Patched Parser Bug that Leaked Private Information | www.tripwire.com | 2/24/2017
D-Link Patches Serious Flaws in DGS-1510 Switches | www.securityweek.com | 2/24/2017
Google discloses unpatched IE flaw after Patch Tuesday delay | www.computerworld.com | 2/24/2017
Removing admin rights mitigates most critical Microsoft vulnerabilities | www.helpnetsecurity.com | 2/23/2017
Intel didn't tell CERTS, govs, about Meltdown and Spectre because they couldn't help fix it | www.theregister.co.uk | 2/23/2017
Netflix treats security ills with Stethoscope: Open-source self-probing tool | www.theregister.co.uk | 2/22/2017
Microsoft pushes out patches for critical Flash Player vulnerabilities | www.helpnetsecurity.com | 2/22/2017
OpenSSL Update Fixes High-Severity DoS Vulnerability | threatpost.com | 2/21/2017
Java, Python bugs allow attackers to circumvent firewalls | www.zdnet.com | 2/21/2017
OpenSSL Releases Security Update | www.us-cert.gov | 2/16/2017
Adobe Releases Security Updates | www.us-cert.gov | 2/15/2017
Cisco Releases Security Update | www.us-cert.gov | 2/15/2017
Cybersecurity alliance promoting intel-sharing seeks to expand | www.computerworld.com | 2/14/2017
Thousands of Hadoop clusters still not being secured against attacks | www.scmagazine.com | 2/10/2017
Recent WordPress vulnerability used to deface 1.5 million pages | www.networkworld.com | 2/10/2017
Enhanced Analysis of GRIZZLY STEPPE | www.us-cert.gov | 2/10/2017
Intel Security Launches ‘Threat Landscape Dashboard’ | securingtomorrow.mcafee.com | 2/10/2017
How IoT hackers turned a university's network against itself | www.zdnet.com | 2/10/2017
F5's Big-IP leaks little chunks of memory, even SSL session IDs | www.theregister.co.uk | 2/9/2017
ISC Releases Security Updates for BIND | www.us-cert.gov | 2/8/2017
Popular iOS Apps Vulnerable to TLS Interception Attacks | threatpost.com | 2/7/2017
Hacker stackoverflowin pwning printers, forcing rogue botnet warning print jobs | www.networkworld.com | 2/5/2017
Microsoft likely to fix Windows SMB denial-of-service flaw on Patch Tuesday | www.computerworld.com | 2/3/2017
WordPress kept users and hackers in the dark while secretly fixing | www.helpnetsecurity.com | 2/2/2017
Security flaws in Pentagon systems "easily" exploited by hackers | www.zdnet.com | 2/1/2017
Easy-to-exploit authentication bypass flaw puts Netgear routers at risk | www.computerworld.com | 1/31/2017
Cisco starts patching critical flaw in WebEx browser extension | www.computerworld.com | 1/27/2017
"Charger" ransomware removed from Google Play | www.scmagazine.com | 1/27/2017
WordPress Releases Security Update (4.7.2) | wordpress.org | 1/26/2017
Firefox 51 starts flagging HTTP login pages as insecure | www.helpnetsecurity.com | 1/25/2017
Linux nasty kicks weak, hacked gadgets when they're already down | www.theregister.co.uk | 1/25/2017
Cisco Releases Security Updates | www.us-cert.gov | 1/25/2017
Google Releases Security Updates for Chrome (56.0.2924.76) | www.us-cert.gov | 1/25/2017
Cisco WebEx extension opens Chrome users to drive-by malware attacks | www.helpnetsecurity.com | 1/24/2017
Apple quashes bugs in iOS, macOS and Safari | www.computerworld.com | 1/23/2017
Hack the Army Bounty Pays Out $100,000; 118 Flaws Fixed | threatpost.com | 1/20/2017
Want to crash anyone's iPhone? Send this text | www.computerworld.com | 1/19/2017
Android Scoring System Roots Out Malicious, Harmful Apps | threatpost.com | 1/19/2017
Insecure Hadoop installs next in 'net scum crosshairs | www.theregister.co.uk | 1/19/2017
Oracle's monster security update: 270 fixes and over 100 remotely exploitable flaws | www.zdnet.com | 1/18/2017
McDonald's Website Flaws Allow Phishing Attacks | www.securityweek.com | 1/17/2017
Hacker says he can get phone numbers on Facebook which are not supposed to be public | www.computerworld.com | 1/16/2017
Critical flaw lets hackers take control of Samsung SmartCam cameras | www.computerworld.com | 1/16/2017
New RIG Campaign Distributes Cerber Ransomware | www.securityweek.com | 1/15/2017
WhatsApp vulnerability could expose messages to prying eyes, report claims | www.greenbot.com | 1/13/2017
Microsoft slates end to security bulletins in February | www.computerworld.com | 1/13/2017
ISC Releases Security Updates for BIND | www.us-cert.gov | 1/11/2017
Microsoft Releases January 2017 Security Bulletin | www.us-cert.gov | 1/10/2017
Adobe Releases Security Updates (APSB17-01 and APSB17-02) | www.us-cert.gov | 1/10/2017
The FTC IoT security case against D-Link is a test of power | www.computerworld.com | 1/6/2017
Malware uses denial-of-service attack in attempt to crash Macs | www.zdnet.com | 1/6/2017
IoT is the Weakest Link for Attacking the Cloud | blog.fortinet.com | 1/5/2017
FTC sets $25,000 prize for automatic IoT patching | www.computerworld.com | 1/4/2017
Google Patches 29 Critical Android Vulnerabilities Including Holes in Mediaserver, Qualcomm | threatpost.com | 1/4/2017
PHPMailer, SwiftMailer Updates Resolve Critical Remote Code Execution Vulnerabilities | threatpost.com | 12/29/2016
Critical flaw in PHPMailer library puts millions of websites at risk | www.computerworld.com | 12/28/2016
Airline booking software vulnerable to cyberattack, report | www.scmagazine.com | 12/28/2016
Mozilla Releases Security Update (Thunderbird 45.6) | www.us-cert.gov | 12/28/2016
Android Trojan Performs DNS Hijacking Attacks against Wireless Routers | www.tripwire.com | 12/28/2016
VMware removes hard-coded root access key from vSphere Data Protection | www.networkworld.com | 12/21/2016
Evolved DNSChanger malware slings evil ads at PCs, hijacks routers | www.theregister.co.uk | 12/20/2016
Project Wycheproof | security.googleblog.com | 12/19/2016
Serious Ubuntu Linux desktop bugs found and fixed | www.zdnet.com | 12/18/2016
Apple's macOS file encryption can be bypassed without latest fixes | www.computerworld.com | 12/16/2016
Latest Intelligence for November 2016 | www.symantec.com | 12/14/2016
‘SSL Death Alert’ (CVE-2016-8610) Can Cause Denial of Service to OpenSSL Servers | securingtomorrow.mcafee.com | 12/13/2016
More Android-powered devices found with Trojans in their firmware | www.helpnetsecurity.com | 12/13/2016
Netgear starts patching routers affected by a critical flaw | www.computerworld.com | 12/13/2016
Microsoft Releases December 2016 Security Bulletin (MS16-144 through MS16-155) | www.us-cert.gov | 12/13/2016
Adobe Patches 31 Vulnerabilities, Flash Zero-Day Under Attack | threatpost.com | 12/13/2016
Apple Fixes 12 Vulnerabilities in iOS 10.2 | threatpost.com | 12/12/2016
McAfee Releases Security Bulletin for Virus Scan Enterprise (SB10181) | www.us-cert.gov | 12/12/2016
Critical flaw opens Netgear routers to hijacking | www.helpnetsecurity.com | 12/12/2016
Three serious Linux kernel security holes patched | www.zdnet.com | 12/9/2016
Google patches Dirty Cow vulnerability in latest Android security update | www.zdnet.com | 12/6/2016
Sony kills off secret backdoor in 80 internet-connected CCTV models | www.theregister.co.uk | 12/6/2016
Firefox 0-day exploited in the wild to unmask Tor users | www.helpnetsecurity.com | 11/30/2016
Mozilla Releases Security Update (50.0.1) | www.us-cert.gov | 11/28/2016
Great. Now Even Your Headphones Can Spy on You | www.wired.com | 11/22/2016
WordPress Plugins Leave Black Friday Shoppers Vulnerable | threatpost.com | 11/22/2016
Vulnerabilities Identified in Network Time Protocol Daemon (ntpd) | www.us-cert.gov | 11/21/2016
Android banking malware whitelists itself to stay connected with attackers | www.symantec.com | 11/17/2016
CryptoLuck Ransomware Infects Victims Using Signed GoogleUpdate.exe | www.tripwire.com | 11/16/2016
Symantec Releases Security Updates (SYM16-020) | www.us-cert.gov | 11/15/2016
Mozilla Releases Security Updates | www.us-cert.gov | 11/15/2016
Researchers reveal WiFi-based mobile password discovery attack | www.helpnetsecurity.com | 11/14/2016
Microsoft patches 68 vulnerabilities, two actively exploited ones | www.computerworld.com | 11/9/2016
Bug in Chrome for mobile exploited for drive-by Android malware downloads | www.helpnetsecurity.com | 11/8/2016
Clever Gmail Hack Let Attackers Take Over Accounts | threatpost.com | 11/8/2016
Update your Belkin WeMo devices before they become botnet zombies | www.computerworld.com | 11/7/2016
Exposing voting machine vulnerabilities | www.helpnetsecurity.com | 11/7/2016
Microsoft extends support for EMET, but its days are numbered | www.helpnetsecurity.com | 11/4/2016
An IoT Nightmare! Attackers Can Spoof Smart Webcam that Leaks Passwords | www.tripwire.com | 11/3/2016
Cisco Patches Critical Bugs in 900 Series Routers, Prime Home Server | threatpost.com | 11/3/2016
Sundown Exploit Kit ‘Larger Threat Than People Realize’ | threatpost.com | 11/2/2016
ISC Releases Security Updates for BIND | www.us-cert.gov | 11/1/2016
Joomla websites attacked en masse using recently patched exploits | www.computerworld.com | 10/31/2016
Disclosing vulnerabilities to protect users | security.googleblog.com | 10/31/2016
New code injection attack works on all Windows versions | www.helpnetsecurity.com | 10/28/2016
Flash Player zero-day being exploited in targeted attacks | www.symantec.com | 10/27/2016
Windows security: Google flags up new critical Adobe Flash Player flaw | www.zdnet.com | 10/27/2016
Adobe Releases Security Update (for Flash Player) | www.us-cert.gov | 10/26/2016
Major Vulnerability Found In Schneider Electric Unity Pro | threatpost.com | 10/26/2016
DDoS attack on Dyn came from 100,000 infected devices | www.computerworld.com | 10/26/2016
Friday's IoT-based DDoS attack has security experts worried | www.computerworld.com | 10/25/2016
Are Mirai DDoS attacks a wake-up call for IoT industry? | www.scmagazine.com | 10/24/2016
Apple Releases Security Updates (iOS, watchOS, tvOS, Safari, and macOS Sierra) | www.us-cert.gov | 10/24/2016
Mirai-Fueled IoT Botnet Behind DDoS Attacks on DNS Providers | threatpost.com | 10/22/2016
Serious Dirty Cow Linux Vulnerability Under Attack | threatpost.com | 10/21/2016
Mobile Applications Leak Device, Location Data | threatpost.com | 10/20/2016
ISC Releases Security Advisory (vulnerability in versions of BIND software) | www.us-cert.gov | 10/20/2016
Windows Zero-Day Exploited by "FruityArmor" APT Group | www.securityweek.com | 10/20/2016
Oracle fixes 100s of vulnerabilities that put enterprise data at risk | www.computerworld.com | 10/19/2016
Flaw in Intel CPUs could help attackers defeat ASLR exploit defense | www.networkworld.com | 10/19/2016
Sierra Wireless Warns Cellular Data Gear Targeted by Mirai Malware | threatpost.com | 10/17/2016
Microsoft Patches 4 Vulnerabilities Exploited in the Wild | www.securityweek.com | 10/12/2016
A SSHowDowN in security: IoT devices enslaved through 12 year old flaw | www.zdnet.com | 10/12/2016
Systemd and Ubuntu users urged to update to patch Linux flaws | www.scmagazine.com | 10/11/2016
Adobe Fixes 81 Vulnerabilities in Acrobat, Reader, Flash | threatpost.com | 10/11/2016
Microsoft fleshes out seismic change to Windows patching | www.computerworld.com | 10/10/2016
MITRE Offers $50,000 for Rogue IoT Device Detection | www.securityweek.com | 10/10/2016
Attackers Modifying Core WordPress Files to Redirect Visitors to Spam | www.tripwire.com | 10/6/2016
Insulin pump vulnerabilities could lead to overdose | www.zdnet.com | 10/5/2016
Cisco Releases Security Updates | www.us-cert.gov | 10/5/2016
SANS issues call to arms to battle IoT botnets | www.theregister.co.uk | 10/4/2016
Samsung Knox flaws open unpatched devices to compromise | www.helpnetsecurity.com | 10/4/2016
IoT botnet highlights the dangers of default passwords | www.computerworld.com | 10/3/2016
Multiple zero-day flaws found in EMC storage systems | www.zdnet.com | 10/3/2016
Hack Crashes Linux Distros with 48 Characters of Code | threatpost.com | 10/3/2016
$1.5 Million Reward Announced for Remote Jailbreak of iOS 10 | www.tripwire.com | 9/30/2016
Sensitive US health and drug data left exposed by dozens of FDA security flaws | www.zdnet.com | 9/30/2016
Cisco Releases Security Updates | www.us-cert.gov | 9/28/2016
Tesla introduces code signing to harden their cars’ security | www.helpnetsecurity.com | 9/28/2016
Tesla Responds to Chinese Hack With a Major Security Upgrade | www.wired.com | 9/27/2016
152k cameras in 990Gbps record-breaking dual DDoS | www.theregister.co.uk | 9/27/2016
Scammers spoof TaiG, offer fake iOS jailbreak | www.symantec.com | 9/26/2016
Thousands of Cisco devices still at risk of unpatched NSA zero-day flaws | www.zdnet.com | 9/26/2016
OpenSSL patches 14 vulns, including high-severity flaw that can be exploited for DoS attacks | www.scmagazine.com | 9/25/2016
OpenSSL swats a dozen bugs, one notable nasty | www.theregister.co.uk | 9/23/2016
Hardware Hack Bypasses iPhone PIN Security Counter | blogs.mcafee.com | 9/22/2016
More than 840,000 Cisco devices are vulnerable to NSA-related exploit | www.computerworld.com | 9/21/2016
Chinese researchers hijack Tesla cars from afar | www.helpnetsecurity.com | 9/20/2016
Student cybervandal earns $300,000 for hacking US Airlines | nakedsecurity.sophos.com | 9/20/2016
Flaw Allowed Hackers to Hijack Facebook Pages | www.securityweek.com | 9/20/2016
Cisco discloses PIX firewall, IOS software security holes | www.networkworld.com | 9/19/2016
ICS-CERT warns of remotely exploitable power meter flaws | www.helpnetsecurity.com | 9/16/2016
Adobe fixes critical flaws in Flash Player and Digital Editions | www.computerworld.com | 9/14/2016
Microsoft releases one of its biggest security updates this year | www.computerworld.com | 9/14/2016
SOHOpeless Seagate NAS boxen become malware distributors | www.theregister.co.uk | 9/12/2016
Critical MySQL Vulnerability Disclosed | threatpost.com | 9/12/2016
WordPress Releases Security Update (4.6.1) | www.us-cert.gov | 9/7/2016
Google Shuts Down Potentially Massive Android Bug | threatpost.com | 9/7/2016
Google's 3-level Android patch may cause confusion | www.computerworld.com | 9/6/2016
Yelp Launches Public Bug Bounty | threatpost.com | 9/6/2016
Nullbyte ransomware going after Pokemon Go players | www.scmagazine.com | 9/2/2016
Go Update OS X and Safari Right Now | www.wired.com | 9/2/2016
Microsoft bug bounty program adds .NET Core and ASP.NET Core | www.computerworld.com | 9/2/2016
Apple Issues Critical Updates for Spyware Flaws in Mac OS X, Safari | www.tripwire.com | 9/2/2016
Patched ColdFusion Flaw Exposes Applications to Attack | threatpost.com | 9/1/2016
Google Chrome starts blocking Flash tracking for better battery life and performance | www.zdnet.com | 9/1/2016
BASHLITE Family Of Malware Infects 1 Million IoT Devices | threatpost.com | 8/30/2016
Kaspersky patches DoS and kernel flaws affecting drivers | www.scmagazine.com | 8/29/2016
Cisco starts publishing fixes for EXTRABACON exploit | www.helpnetsecurity.com | 8/29/2016
Mozilla launches free website security scanning service | www.computerworld.com | 8/26/2016
Apple Issues Emergency Fix for iOS Zero-Days: What You Need to Know | www.securityweek.com | 8/26/2016
Trident: Trio of iOS zero-days being exploited in the wild | www.symantec.com | 8/26/2016
Apple Releases Security Update (iOS 9.3.5) | www.us-cert.gov | 8/25/2016
Ransomware rise, email scams spread, Flash & IOT vulnerabilities up | www.scmagazine.com | 8/23/2016
Four in five Android devices inherit Linux snooping flaw | www.theregister.co.uk | 8/22/2016
Vulnerable smart home IoT sockets let hackers access your email account | www.zdnet.com | 8/18/2016
Unsecured DNSSEC Easily Weaponized, Researchers Warn | threatpost.com | 8/18/2016
Cisco Confirms Two Exploits Found in Shadow Brokers’ Data Dump | www.tripwire.com | 8/18/2016
Browser Address Bar Spoofing Vulnerability Disclosed | threatpost.com | 8/17/2016
SQL Injection Vulnerability in Ninja Forms | blog.sucuri.net | 8/16/2016
Vawtrak Banking Trojan Adds DGA, SSL Pinning | threatpost.com | 8/16/2016
Attackers can hijack unencrypted web traffic of 80% of Android users | www.helpnetsecurity.com | 8/16/2016
Android malvertising campaign discovered delivering Svpeng Trojan through AdSense | www.scmagazine.com | 8/15/2016
Undocumented SNMP String Exposes Rockwell PLCs to Remote Attacks | threatpost.com | 8/12/2016
Samsung releases Galaxy S6 Edge update, includes patch for a critical security vulnerability | www.scmagazine.com | 8/12/2016
Bluetooth Hack Leaves Many Smart Locks, IoT Devices Vulnerable | threatpost.com | 8/11/2016
Linux TCP flaw lets 'anyone' hijack Internet traffic | www.zdnet.com | 8/11/2016
A New Wireless Hack Can Unlock 100 Million Volkswagens | www.wired.com | 8/10/2016
Microsoft Secure Boot key debacle causes security panic | www.zdnet.com | 8/10/2016
Microsoft Releases August 2016 Security Bulletin | www.us-cert.gov | 8/9/2016
Vulnerabilities Found in Several Fortinet Products | www.securityweek.com | 8/9/2016
iOS 9.3.4 released, fixing critical security hole. Update now | www.hotforsecurity.com | 8/5/2016
VMware Releases Security Update (VMSA-2016-0010) | www.us-cert.gov | 8/5/2016
Apple Releases Security Update (iOS 9.3.4) | www.us-cert.gov | 8/5/2016
Apple Announces Bug Bounty Program with Maximum Reward of $200K | www.tripwire.com | 8/5/2016
HEIST attack on SSL/TLS can grab personal info, Black Hat | www.scmagazine.com | 8/4/2016
Hackers Can Intercept HTTPS URLs via Proxy Attacks | www.securityweek.com | 7/29/2016
Protecting Android with more Linux kernel defenses | security.googleblog.com | 7/27/2016
Explo-Xen! Bunker buster bug breaks out guests from hypervisor | www.theregister.co.uk | 7/27/2016
Another media-stealing app found on Google Play | www.symantec.com | 7/27/2016
Zero-day hole can pwn millions of LastPass users, all that's needed is a malicious site | www.theregister.co.uk | 7/27/2016
KeySniffer Vulnerability Opens Wireless Keyboards to Snooping | threatpost.com | 7/26/2016
Critical Flaws Found in Enterprise File Sharing Tool Filr | www.securityweek.com | 7/25/2016
Google Releases Security Update for Chrome (version 52.0.2743.82) | www.us-cert.gov | 7/21/2016
Stagefright-like Bug Affects iPhones and Macs, Warns Security Researcher | www.tripwire.com | 7/21/2016
Firefox to Block Flash in August, Disable in 2017 | threatpost.com | 7/21/2016
Apple patches remote code execution flaws | www.scmagazine.com | 7/20/2016
Oracle Releases Security Bulletin (July 2016) | www.us-cert.gov | 7/19/2016
Compromised Joomla sites are foisting ransomware on visitors | www.helpnetsecurity.com | 7/18/2016
Flaw in vBulletin add-on leads to Ubuntu Forums database breach | www.networkworld.com | 7/18/2016
Juniper Crypto Bug Lets Attackers Eavesdrop on Router, Switch Traffic | threatpost.com | 7/15/2016
Cisco Releases Security Updates (for router and conferencing server software) | www.us-cert.gov | 7/14/2016
Chrysler Launches Detroit’s First ‘Bug Bounty’ for Hackers | www.wired.com | 7/13/2016
Intel Patches Local EoP Vulnerability Impacting Windows 7 | threatpost.com | 7/13/2016
Microsoft Releases Security Updates (MS16-JUL) | www.us-cert.gov | 7/12/2016
Adobe Releases Security Updates (APSB16-24, APSB16-25, and APSB16-26) | www.us-cert.gov | 7/12/2016
Two Zero-Day Vulnerabilities Found in BMW Web Applications | www.tripwire.com | 7/8/2016
Firmware exploit can defeat new Windows security features on Lenovo ThinkPads | www.computerworld.com | 7/3/2016
Satana ransomware encrypts user files and master boot record | www.computerworld.com | 7/1/2016
Android Malware Targets Europe via Smishing Campaigns | www.securityweek.com | 6/28/2016
New exploits target hospital devices, places patients at risk | www.zdnet.com | 6/27/2016
Security Holes Found in Widely-Used File Compression Library, Leaving Other Products Dangerously Exposed | www.tripwire.com | 6/23/2016
Severe Swagger vulnerability compromises NodeJS, PHP, Java | www.zdnet.com | 6/23/2016
WordPress Releases Security Update (4.5.3) | www.us-cert.gov | 6/22/2016
BadTunnel flaw affects every Windows OS | www.scmagazine.com | 6/20/2016
Google Releases Security Update for Chrome | www.us-cert.gov | 6/17/2016
Adobe Releases Security Updates (APSB16-18 and APSB16-23) | www.us-cert.gov | 6/16/2016
VMware Releases Security Updates (VMSA-2016-0009) | www.us-cert.gov | 6/15/2016
Cisco Releases Security Updates | www.us-cert.gov | 6/15/2016
D-Link Patches Weak Crypto in mydlink Devices | threatpost.com | 6/14/2016
VMware Releases Security Updates (NSX, vCNS and vRealize Log Insight) | www.us-cert.gov | 6/10/2016
Chrome Flaw Allowed Hackers to Run Malicious Code via PDFs | www.securityweek.com | 6/9/2016
CryptXXX Ransomware Jumps From Angler to Neutrino Exploit Kit | threatpost.com | 6/9/2016
Symantec Releases Security Updates (SYM16-009) | www.us-cert.gov | 6/7/2016
Mozilla Releases Security Updates (Firefox, Firefox ESR, and NSS 2016-62) | www.us-cert.gov | 6/7/2016
Researchers hack the Mitsubishi Outlander SUV, shut off alarm remotely | www.helpnetsecurity.com | 6/6/2016
Latest Android Security Bulletin Heavy on Critical Qualcomm Flaws | threatpost.com | 6/6/2016
WordPress Patches Zero Day in WP Mobile Detector Plugin | threatpost.com | 6/3/2016
Vulnerabilities Identified in Network Time Protocol Daemon (ntpd)www.us-cert.gov6/3/2016
Lenovo begs users to uninstall Accelerator app in the name of securitywww.zdnet.com6/2/2016
Jetpack plug-in for WordPress vulnerable to XSSwww.scmagazine.com6/1/2016
How the Top 5 PC Makers Open Your Laptop to Hackerswww.wired.com5/31/2016
Homeland Security warns thousands of industrial energy systems can be remotely hackedwww.zdnet.com5/30/2016
Security Advisory: Stored XSS in Jetpackblog.sucuri.net5/27/2016
A recently patched Flash Player exploit is being used in widespread attackswww.computerworld.com5/23/2016
Worm infects unpatched Ubiquiti wireless deviceswww.networkworld.com5/20/2016
Cisco Patches Serious Flaws in Web Security Appliancewww.securityweek.com5/19/2016
Apple Patches DROWN, Lockscreen Bypass Vulnerability, With Latest Round of Updatesthreatpost.com5/17/2016
Symantec Releases Security Updatewww.us-cert.gov5/16/2016
Vietnam's Tien Phong Bank says it was second bank hit by SWIFT cyberattackwww.cnbc.com5/15/2016
Flash Player update fixes zero-day vulnerability and 24 other critical flawswww.networkworld.com5/13/2016
Compression tool 7-Zip pwned, pain flows to top security, software toolswww.theregister.co.uk5/12/2016
Hackers exploit unpatched Flash Player vulnerability, Adobe warnswww.computerworld.com5/11/2016
Hackers hijack websites by uploading photoswww.zdnet.com5/10/2016
Six-year-old patched Stuxnet hole still the web's biggest killerwww.theregister.co.uk5/9/2016
Aruba fixes networking device flawswww.computerworld.com5/9/2016
WordPress 4.5.2 Security Releasewordpress.org5/6/2016
Cisco Releases Security Updateswww.us-cert.gov5/4/2016
SmartThings Flaws Expose Smart Homes to Hacker Attackswww.securityweek.com5/3/2016
OpenSSL Releases Security Updateswww.us-cert.gov5/3/2016
Apple Releases Security Updatewww.us-cert.gov5/3/2016
Google Releases Security Update for Chromewww.us-cert.gov4/28/2016
Facebook bug hunter finds a back door left by hackers on corporate server | www.computerworld.com | 4/22/2016
Oracle releases 136 security patches for wide range of products | www.networkworld.com | 4/20/2016
Federal cyber team tells Windows users to quit QuickTime | www.computerworld.com | 4/18/2016
‘Badlock’ Bug Tops Microsoft Patch Batch | krebsonsecurity.com | 4/13/2016
Adobe to issue emergency patch for Flash vulnerability | www.networkworld.com | 4/11/2016
Click-Fraud Ramdo Malware Family Continues to Plague Users | researchcenter.paloaltonetworks.com | 4/11/2016
Adobe fixes 24 vulnerabilities in Flash Player, including an actively exploited one | www.computerworld.com | 4/8/2016
Cisco Releases Critical Security Updates | www.securityweek.com | 4/8/2016
Over 135 million modems vulnerable to denial-of-service flaw | www.zdnet.com | 4/8/2016
Apple fixes iPhone passcode bypass flaw server-side, without having to push out an update | www.tripwire.com | 4/7/2016
Black hat SEO campaign targets WordPress and Joomla installations | www.helpnetsecurity.com | 4/5/2016
New Ransomware KimcilWare Targets Magento Websites | threatpost.com | 4/1/2016
Vulnerabilities Discovered in U.S. State Department’s Visa Database | www.tripwire.com | 4/1/2016
Your Linux-based home router could succumb to a new Telnet worm, Remaiten | www.computerworld.com | 3/31/2016
TREASUREHUNT: A Custom POS Malware Tool | www.fireeye.com | 3/28/2016
Oracle Releases Security Update for Java SE | www.us-cert.gov | 3/24/2016
Google Releases Security Update for Chrome | www.us-cert.gov | 3/24/2016
Apple updates its products, fixes iMessages zero-day | www.helpnetsecurity.com | 3/22/2016
LastPass extensions can be made to cough up passwords, deliver malware | www.helpnetsecurity.com | 3/22/2016
Google warns of Android flaw used to gain root access to devices | www.networkworld.com | 3/22/2016
Microsoft adds OneDrive to bug bounty program | www.theregister.co.uk | 3/20/2016
MITRE piloting improved CVE vulnerability reporting, tracking system | www.scmagazine.com | 3/18/2016
AMP Threat Grid Renews the Support of Law Enforcement | blogs.cisco.com | 3/17/2016
VMware patches severe XSS flaws in vRealize software | www.zdnet.com | 3/17/2016
Two-year-old Java flaw re-emerges due to broken patch | www.computerworld.com | 3/11/2016
Citrix Releases Security Update | www.us-cert.gov | 3/10/2016
Flash Player Update Patches 18 Remote Code Execution Flaws | threatpost.com | 3/10/2016
Google Releases Security Update for Chrome | www.us-cert.gov | 3/8/2016
Cisco Fixes Another Default, Static Password Flaw | threatpost.com | 3/3/2016
Baidu Browser transmitting IMEI, location, URLs visited, CPU model number: Citizen Lab | www.zdnet.com | 2/24/2016
Attackers can turn Microsoft's exploit defense tool EMET against itself | www.computerworld.com | 2/24/2016
Drupal Releases Security Updates | www.us-cert.gov | 2/24/2016
Stack-based buffer overflow bug found in glibc | www.scmagazineuk.com | 2/18/2016
Research: Attackers Drained $103,000 Out of Bitcoin Wallets Protected by Passwords | www.tripwire.com | 2/16/2016
Patch Tuesday February 2016 | blog.qualys.com | 2/9/2016
Oracle issues emergency patch for Java on Windows | www.theregister.co.uk | 2/8/2016
WordPress 4.4.2 Security and Maintenance Release | wordpress.org | 2/2/2016
Massive Admedia/Adverting iFrame Infection | blog.sucuri.net | 2/1/2016
Cisco patches authentication, denial-of-service, NTP flaws in many products | www.computerworld.com | 1/29/2016
Vulnerability Note VU#257823: OpenSSL re-uses unsafe prime numbers in Diffie-Hellman protocol | www.kb.cert.org | 1/28/2016
The Upcoming Death of the Java Plugin has been Announced. No Flowers Please | www.tripwire.com | 1/28/2016
Samsung security update fixes critical bugs hidden in Galaxy devices, Android OS | www.scmagazine.com | 1/27/2016
Apple Fixes Multiple Vulnerabilities in tvOS Security Update 9.1.1 | www.tripwire.com | 1/26/2016
Hard-Coded Password Found in Lenovo File-Sharing App | threatpost.com | 1/25/2016
Update your iPhone to stop free Wi-Fi networks stealing your logins! | nakedsecurity.sophos.com | 1/21/2016
Hack Brief: Years-Old Linux Bug Exposes Millions of Devices | www.wired.com | 1/20/2016
Google Releases Security Update for Chrome | www.us-cert.gov | 1/20/2016
Cisco Releases Security Updates | www.us-cert.gov | 1/20/2016
Oracle releases a record 248 patches | www.computerworld.com | 1/19/2016
Microsoft: Windows 7 in 2017 is so outdated that patches can't keep it secure | www.zdnet.com | 1/17/2016
Researcher finds fault in Apple's Gatekeeper patch | www.networkworld.com | 1/15/2016
Microsoft Releases January 2016 Security Bulletin | www.us-cert.gov | 1/12/2016
Trend Micro patched flaws would let hackers execute malicious code | www.scmagazine.com | 1/12/2016
GM Vulnerability Disclosure Program Lacks Rewards | threatpost.com | 1/11/2016
Google fixes dangerous rooting vulnerabilities in Android | www.computerworld.com | 1/5/2016
Xfinity’s Security System Flaws Open Homes to Thieves | www.wired.com | 1/5/2016
BlackEnergy drains files from Ukraine media, energy organisations | www.theregister.co.uk | 1/4/2016
Travel booking systems ‘wide open’ to abuse – report | www.theregister.co.uk | 1/4/2016
Adobe Releases Security Updates for Flash Player | www.us-cert.gov | 12/28/2015
Joomla! New Version Fixes Security Flaws | www.scmagazine.com | 12/23/2015
Juniper firewalls compromised by bad code: What you need to know | www.networkworld.com | 12/18/2015
SlemBunk: An Evolving Android Trojan Family Targeting Users of Worldwide Banking Apps | www.fireeye.com | 12/17/2015
FireEye flamed: single email allows total network access | www.theregister.co.uk | 12/16/2015
Attacks Ramp Up Against Joomla Zero Day | threatpost.com | 12/15/2015
Cisco patches permission hijacking issue in WebEx Meetings app for Android | www.computerworld.com | 12/2/2015
Medical Devices That Are Vulnerable to Life-Threatening Hacks | www.wired.com | 11/24/2015
LinkedIn patches serious persistent XSS vulnerability | www.zdnet.com | 11/20/2015
VMware Releases Security Updates | www.us-cert.gov | 11/19/2015
TDrop2 Attacks Suggest Dark Seoul Attackers Return | researchcenter.paloaltonetworks.com | 11/18/2015
Apache Commons Collections Java Library Vulnerability | www.us-cert.gov | 11/13/2015
Top-ranked Advertising Network Leads to Exploit Kit | www.fireeye.com | 11/13/2015
Critical flaw patched in Symantec console | www.scmagazine.com | 11/11/2015
Microsoft Releases November 2015 Security Bulletin | www.us-cert.gov | 11/10/2015
Critical Java Bug Extends to Oracle, IBM Middleware | threatpost.com | 11/10/2015
All Windows users should patch these two new 'critical' flaws | www.zdnet.com | 11/10/2015
Adobe Releases Security Updates for Flash Player | www.us-cert.gov | 11/10/2015
Mozilla Releases Security Updates for Firefox and Firefox ESR | www.us-cert.gov | 11/4/2015
Hacker claims $1 million iOS 9 exploit bounty | www.zdnet.com | 11/3/2015
Serious Flaws Found in ATMs of German Bank | www.securityweek.com | 11/2/2015
Baidu Android app component puts 100 million devices at risk | www.computerworld.com | 11/2/2015
Hackers infect MySQL servers with malware for DDoS attacks | www.computerworld.com | 10/29/2015
DDoS botnet comprised of nearly a thousand CCTV cameras | www.scmagazine.com | 10/26/2015
Joomla patches serious SQLi flaw | www.computerworld.com | 10/22/2015
Apple Releases Multiple Security Updates | www.us-cert.gov | 10/21/2015
Cisco Releases Security Updates | www.us-cert.gov | 10/21/2015
Vulnerabilities Identified in Network Time Protocol Daemon (ntpd) | www.us-cert.gov | 10/21/2015
Thousands of e-commerce Magento websites struck with Guruncsite malware | www.zdnet.com | 10/19/2015
Adobe Releases Security Updates for Flash Player | www.us-cert.gov | 10/16/2015
Researchers Find 85 Percent of Android Devices Insecure | threatpost.com | 10/14/2015
Zero-Day in Magento plug-in could allow attacker to steal data | www.scmagazine.com | 10/14/2015
Microsoft Releases October 2015 Security Bulletin | www.us-cert.gov | 10/13/2015
Thousands of Zhone SOHO routers can be easily hijacked | www.net-security.org | 10/12/2015
Potent OWA backdoor scores 11,000 corporate creds from single biz | www.theregister.co.uk | 10/6/2015
Apple iPhone malware alert: YiSpecter hid in App Store for 10 months [u] | www.computerworld.com | 10/5/2015
Security advisory: Stored XSS in Jetpack | blog.sucuri.net | 10/1/2015
Dridex is Back and Targeting the UK | researchcenter.paloaltonetworks.com | 10/1/2015
VMware Releases Security Advisory | www.us-cert.gov | 10/1/2015
Apple Releases Security Updates for OS X El Capitan, Safari, and iOS | www.us-cert.gov | 9/30/2015
Security updates address vulnerabilities in Cisco IOS software | www.scmagazine.com | 9/25/2015
Google Releases Security Update for Chrome | www.us-cert.gov | 9/25/2015
Change this setting to stop Siri spilling your selfies! | nakedsecurity.sophos.com | 9/24/2015
Malware implants on Cisco routers revealed to be more widespread | www.computerworld.com | 9/21/2015
WordPress Malware – Active VisitorTracker Campaign | blog.sucuri.net | 9/18/2015
Bug in iOS and OSX Allows Writing of Arbitrary Files Via AirDrop | threatpost.com | 9/16/2015
Android 5 lock-screens can be bypassed by typing in a reeeeally long password. In 2015 | www.theregister.co.uk | 9/16/2015
Attackers install highly persistent malware implants on Cisco routers | www.computerworld.com | 9/15/2015
Google Android Stagefright flaw exploit code released | www.zdnet.com | 9/10/2015
Cisco applies plaster to email, Web security appliances | www.theregister.co.uk | 9/10/2015
Mozilla admits bug-tracker breach led to attacks against Firefox users | www.computerworld.com | 9/5/2015
Remote File Overwrite Vulnerability Patched by Cisco in IMC Supervisor, UCS Director | www.tripwire.com | 9/4/2015
Popular Belkin Wi-Fi routers plagued by unpatched security flaws | www.computerworld.com | 9/1/2015
Rocket Kitten APT threat persists after its outing | www.scmagazine.com | 9/1/2015
Google Releases Security Update for Chrome | www.us-cert.gov | 9/1/2015
CERT warns DSL router users of vulnerability | www.scmagazine.com | 8/28/2015
BitTorrent kills bug that turns networks into a website-slaying weapon | www.theregister.co.uk | 8/28/2015
Samsung smart fridge leaves Gmail logins open to attack | www.theregister.co.uk | 8/24/2015
Another Popular Android Application, Another Leak | www.fireeye.com | 8/19/2015
Dixons Carphone still has 7.5k Windows XP EPOS systems | www.channelregister.co.uk | 8/18/2015
Microsoft Issues Out-of-band Patch For Internet Explorer | blog.trendmicro.com | 8/18/2015
Google has another try at patching Stagefright flaw | www.computerworld.com | 8/14/2015
Zero-Day Deserialization Vulnerability Affects 55% of Android Devices | www.tripwire.com | 8/11/2015
Microsoft Security Bulletin Summary for August 2015 | technet.microsoft.com | 8/11/2015
Mozilla Patches Bug Used in Active Attacks | threatpost.com | 8/10/2015
Darkhotel APT group phases out hotel Wi-Fi infections, brings in Hacking Team zero-day | www.scmagazine.com | 8/10/2015
Required Group Policy Preference Actions for Microsoft Security Bulletin MS14-025 | www.us-cert.gov | 8/7/2015
Android MediaServer Bug Traps Phones in Endless Reboots | blog.trendmicro.com | 8/4/2015
BIND9 – Denial of Service Exploit in the Wild | blog.sucuri.net | 8/2/2015
Cisco Releases Security Updates | www.us-cert.gov | 7/31/2015
Hackers Could Heist Semis by Exploiting This Satellite Flaw | www.wired.com | 7/30/2015
Remote denial of service vulnerability exposes BIND servers | www.zdnet.com | 7/30/2015
Apple Patches ‘High’ Input Validation Vulnerability in iTunes, App Store | www.tripwire.com | 7/29/2015
Researcher finds several vulnerabilities in PHP File Manager | www.scmagazine.com | 7/28/2015
Researchers Hack Air-Gapped Computer With Simple Cell Phone | www.wired.com | 7/27/2015
Valve patches huge password reset hole that allowed anyone to hijack Steam accounts | www.computerworld.com | 7/27/2015
Android Stagefright Flaws Put 950 Million Devices at Risk | threatpost.com | 7/27/2015
Update: Chrysler recalls 1.4M vehicles after Jeep hack | www.computerworld.com | 7/24/2015
Internet Explorer Mobile contains four unpatched vulnerabilities | www.scmagazine.com | 7/24/2015
Google Patches 43 Bugs in Chrome | threatpost.com | 7/22/2015
Multiple 0-days in Internet Explorer | community.qualys.com | 7/22/2015
Microsoft to deliver Advanced Threat Analytics cybersecurity product in August | www.zdnet.com | 7/22/2015
Patch Your Chrysler Now Against a Wireless Hacking Attack | www.wired.com | 7/21/2015
Patch! Microsoft emits emergency fix for THIRD Hacking Team hole | www.theregister.co.uk | 7/20/2015
Another "Hacking Team" zero-day surfaces - this time in IE, not Flash! | nakedsecurity.sophos.com | 7/15/2015
Hacking Team stealthy spyware rootkit stays entrenched through hard disk removal | www.zdnet.com | 7/15/2015
Adobe Flash and Microsoft Windows Vulnerabilities | www.us-cert.gov | 7/15/2015
Microsoft releases 14 bulletins on Patch Tuesday, ends Windows Server 2003 support | www.scmagazine.com | 7/14/2015
Mozilla Disables Flash in Firefox | threatpost.com | 7/14/2015
Oracle Releases July 2015 Security Advisory | www.us-cert.gov | 7/14/2015
Bug in Android ADB Backup System Can Allow Injection of Malicious Apps | threatpost.com | 7/9/2015
Security Updates for Node.js and io.js | www.us-cert.gov | 7/6/2015
Cisco leaves its Unified CDM software open to hackers | www.computerworld.com | 7/3/2015
Cisco Releases Security Update | www.us-cert.gov | 7/1/2015
Apple Releases Security Updates for QuickTime, Safari, Mac EFI, OS X Yosemite, and iOS | www.us-cert.gov | 6/30/2015
US Navy pays millions to cling to Windows XP | nakedsecurity.sophos.com | 6/24/2015
Palo Alto Networks Traps Covers Top High Risk Vulnerabilities Highlighted By US CERT | researchcenter.paloaltonetworks.com | 6/23/2015
Dyre emerges as main financial Trojan threat | www.symantec.com | 6/23/2015
New 0-day for Adobe Flash | community.qualys.com | 6/23/2015
HP Releases Details, Exploit Code for Unpatched IE Flaws | threatpost.com | 6/22/2015
Samsung announces fix for major Galaxy keyboard security flaw | www.tripwire.com | 6/19/2015
'Billions' of records at risk from mobile app data flaw | www.cnbc.com | 6/17/2015
Unpatched OS X, iOS flaws allow password, token theft from keychain, apps | www.net-security.org | 6/17/2015
Announcing Security Rewards for Android | googleonlinesecurity.blogspot.com | 6/16/2015
Vulnerability in Samsung Galaxy phones put over 600 million Samsung phone users at risk | www.computerworld.com | 6/16/2015
Cisco Patches IPv6 Vulnerability in Carrier-Grade Router System | threatpost.com | 6/12/2015
Bug in iOS Mail app is a dream come true for phishers | www.net-security.org | 6/11/2015
‘Evoltin’ POS Malware Attacks via Macro | blogs.mcafee.com | 6/10/2015
Undetectable NSA-linked hybrid malware hits Intel Security radar | www.theregister.co.uk | 6/9/2015
Microsoft Security Bulletin Summary for June 2015 | technet.microsoft.com | 6/9/2015
Hackers control medical pumps to administer fatal doses | www.zdnet.com | 6/9/2015
Symantec confirms existence of unpatched rootkit Mac security flaw | www.zdnet.com | 6/5/2015
Myfax malspam wave with links to malware and Neutrino exploit kit | isc.sans.edu | 6/3/2015
Financial sector takes up to 176 days to patch security flaws | www.zdnet.com | 6/2/2015
Blue Coat: SSL Visibility Appliance web based vulnerabilities | isc.sans.edu | 5/31/2015
Majority of websites have serious vulnerabilities | www.computerworld.com | 5/29/2015
Angler Exploit Kit Exploiting New Adobe Vulnerability, Dropping Cryptowall 3.0 | threatpost.com | 5/28/2015
Apple working on fix for bug that crashes iPhones with a text message | www.zdnet.com | 5/28/2015
Password reset sites expose crackable PeopleSoft creds | www.theregister.co.uk | 5/28/2015
Large-scale attack uses browsers to hijack routers | www.computerworld.com | 5/25/2015
Meet ‘Tox': Ransomware for the Rest of Us | blogs.mcafee.com | 5/23/2015
Ransomware Removal Kit Published Online, Helps Streamline Infection Response | www.tripwire.com | 5/21/2015
Google Releases Security Update for Chrome | www.us-cert.gov | 5/20/2015
First software update for Apple Watch includes security fixes | www.computerworld.com | 5/20/2015
New Critical Encryption Bug Affects Thousands of Sites | www.wired.com | 5/20/2015
Long list of devices believed to be affected by NetUSB vulnerability | www.scmagazine.com | 5/19/2015
Oracle Patches VENOM Vulnerability | threatpost.com | 5/18/2015
FBI Says Researcher Admitted Hacking Airplane in Mid-Flight | www.securityweek.com | 5/18/2015
Bigger than Heartbleed, 'Venom' security vulnerability threatens most datacenters | www.zdnet.com | 5/13/2015
Microsoft fixes 46 flaws in Windows, IE, Office, other products | www.computerworld.com | 5/13/2015
Palo Alto Networks Researcher Discovers 3 Critical Internet Explorer Vulnerabilities | researchcenter.paloaltonetworks.com | 5/12/2015
Cisco UCS Central Software Vulnerability | www.us-cert.gov | 5/8/2015
New Linux rootkit leverages GPUs to hide | www.computerworld.com | 5/8/2015
WordPress 4.2.2 Security and Maintenance Release | wordpress.org | 5/7/2015
Millions of WordPress Websites at Risk from in-the-wild Exploit | www.tripwire.com | 5/7/2015
Apple Releases Security Updates for Safari | www.us-cert.gov | 5/7/2015
More serious security flaws found in Lenovo computers | www.zdnet.com | 5/6/2015
JetPack and TwentyFifteen Vulnerable to DOM-based XSS | blog.sucuri.net | 5/6/2015
New Research: The Ad Injection Economy | googleonlinesecurity.blogspot.com | 5/6/2015
Unpatched Router Vulnerability Could Lead to Code Execution | threatpost.com | 4/30/2015
Alert (TA15-119A): Top 30 Targeted High Risk Vulnerabilities | www.us-cert.gov | 4/29/2015
WordPress 4.2.1 Security Release | wordpress.org | 4/27/2015
WordPress Flaw Allows Arbitrary Code Execution via Comments: Researcher | www.securityweek.com | 4/27/2015
A Javascript-based DDoS Attack as seen by Safe Browsing | googleonlinesecurity.blogspot.com | 4/24/2015
Wi-Fi client vulnerability could expose Android, Linux, BSD, other systems to attacks | www.computerworld.com | 4/23/2015
Feds Warn Airlines to Look Out for Passengers Hacking Jets | www.wired.com | 4/21/2015
Mozilla Foundation Security Advisory 2015-45 (Memory corruption during failed plugin initialization) | www.mozilla.org | 4/20/2015
Adobe security updates address wide range of bugs, some critical | www.scmagazine.com | 4/15/2015
Denial of Service Attacks Possible with OpenSSL Vulnerability CVE-2015-1787 | blog.trendmicro.com | 4/15/2015
With latest patches, Oracle signals no more free updates for Java 7 | www.computerworld.com | 4/15/2015
Troubleshooting feature on Cisco routers is open to data-slurp abuse | www.theregister.co.uk | 4/15/2015
Servers seized in global Simda botnet hit | www.zdnet.com | 4/13/2015
New SMB Flaw Affects All Versions of Windows | threatpost.com | 4/13/2015
APT 30 and the Mechanics of a Long-Running Cyber Espionage Operation | www.fireeye.com | 4/12/2015
KJWorm VBS Malware Tied To Attacks on French TV Station TV5Monde | blog.trendmicro.com | 4/11/2015
Apple Patches Vulnerabilities in OS X, iOS, Safari | www.securityweek.com | 4/9/2015
International effort takes down 'Beebone' botnet | www.scmagazine.com | 4/9/2015
iOS 8.3 fixes dozens of security vulnerabilities | www.zdnet.com | 4/9/2015
Vulnerabilities Identified in Network Time Protocol Daemon (ntpd) | www.us-cert.gov | 4/8/2015
A MILLION Chrome users' data was sent to ONE dodgy IP address | www.theregister.co.uk | 4/8/2015
Phantom: Deadly Proxy Manipulating on iOS | www.fireeye.com | 4/8/2015
Over 1 million WordPress sites may be affected by a flaw in WP Super Cache plugin | www.computerworld.com | 4/8/2015
Firefox issues brand new update to fix HTTPS security hole in new update | nakedsecurity.sophos.com | 4/7/2015
IC3 Releases Alert on Web Site Defacements | www.us-cert.gov | 4/7/2015
Android Installer Hijacking Bug Used as Lure for Malware | blog.trendmicro.com | 4/6/2015
Personal Information Possibly Stolen in Linux Australia Breach | www.securityweek.com | 4/6/2015
CRYPVAULT: New Crypto-ransomware Encrypts and “Quarantines” Files | blog.trendmicro.com | 4/6/2015
SWF Files Injecting Malicious iFrames on WordPress, Joomla Sites | threatpost.com | 4/3/2015
Dyre Wolf malware huffs and puffs at your corporate bank account door | www.zdnet.com | 4/3/2015
The Dyre Wolf Campaign: Stealing Millions and Hungry for More | securityintelligence.com | 4/2/2015
A New Word Document Exploit Kit | www.fireeye.com | 4/1/2015
Mozilla Releases Security Updates for Firefox, Firefox ESR, and Thunderbird | www.us-cert.gov | 3/31/2015
Out with unwanted ad injectors | googleonlinesecurity.blogspot.com | 3/31/2015
MongoDB Patches Remote Denial-of-Service Vulnerability | threatpost.com | 3/31/2015
PCI Council updates penetration testing guidance for merchants | www.scmagazine.com | 3/30/2015
Twitch botnet malware lets scammers fraudulently earn money through gaming streams | www.symantec.com | 3/27/2015
Hotel Internet Gateways Patched Against Remote Exploit | threatpost.com | 3/26/2015
Cisco Event Response: March 2015 Semiannual Cisco IOS and IOS XE Software Security Advisory Bundled Publication | www.cisco.com | 3/25/2015
Instagram API Bug Could Allow Malicious File Downloads | threatpost.com | 3/24/2015
Android Installer Hijacking Vulnerability Could Expose Android Users to Malware | researchcenter.paloaltonetworks.com | 3/24/2015
Cisco Small Business IP Phones Open to Remote Eavesdropping | threatpost.com | 3/23/2015
Firefox, Chrome, Safari, IE exploited to own PCs, Mac at Pwn2Own 2015 | www.theregister.co.uk | 3/21/2015
Freshly Patched Flash Exploit Added to Nuclear Exploit Kit | blog.trendmicro.com | 3/20/2015
Hacking BIOS Chips Isn’t Just the NSA’s Domain Anymore | www.wired.com | 3/20/2015
Mozilla Releases Security Updates for Firefox, Firefox ESR, and SeaMonkey | www.us-cert.gov | 3/20/2015
Threat Spotlight: PoSeidon, A Deep Dive Into Point of Sale Malware | blogs.cisco.com | 3/20/2015
Cross-Site Scripting Vulnerability Discovered In WordPress Photo Gallery Plugin | blog.fortinet.com | 3/20/2015
Apple Releases Security Update for OS X Yosemite | www.us-cert.gov | 3/20/2015
OpenSSL patches "high" severity flaws in latest release | www.zdnet.com | 3/19/2015
DeepCode tool detects software flaws before release | www.zdnet.com | 3/18/2015
Operation Woolen-Goldfish: When Kittens Go Phishing | blog.trendmicro.com | 3/18/2015
Apple Releases Security Updates for Safari | www.us-cert.gov | 3/18/2015
OpenSSL to Fix “High” Severity Security Flaw on Thursday | www.tripwire.com | 3/17/2015
FREAK Out on Mobile | www.fireeye.com | 3/17/2015
Teslacrypt Joins Ransomware Field | blogs.mcafee.com | 3/17/2015
TeslaCrypt ransomware attacks gamers - "all your files are belong to us!" | nakedsecurity.sophos.com | 3/16/2015
D-Link Patches Two Remotely Exploitable Bugs in Firmware | threatpost.com | 3/16/2015
Obama administration seeks additional authority to combat botnets | www.scmagazine.com | 3/16/2015
Adobe issues patches for 11 critical vulnerabilities in Flash Player | www.zdnet.com | 3/13/2015
Reboot loop! Microsoft update to fix an old update ends up breaking a new update... | nakedsecurity.sophos.com | 3/13/2015
EquationDrug: Sophisticated, stealthy data theft for over a decade | www.zdnet.com | 3/12/2015
Facebook Users Open to Attack Via Several Security Bugs | threatpost.com | 3/11/2015
WPML Security Update, Bug and Fix | wpml.org | 3/11/2015
Email spoofing security hole discovered in Google Admin console | www.zdnet.com | 3/9/2015
Security Advisory: MainWP-Child WordPress Plugin | blog.sucuri.net | 3/9/2015
All Versions of Windows Vulnerable to FREAK Attack, Confirms Microsoft | www.tripwire.com | 3/6/2015
Gazon - the Android virus that SMSes everyone | nakedsecurity.sophos.com | 3/6/2015
Zero-Day Vulnerability Found in MongoDB Administration Tool phpMoAdmin | blog.trendmicro.com | 3/6/2015
Attackers concealing malicious macros in XML files | www.trustwave.com | 3/6/2015
PATCH FREAK NOW: Cloud providers faulted for slow response | www.theregister.co.uk | 3/5/2015
Apple and Google prepare patches for FREAK SSL flaw | www.zdnet.com | 3/4/2015
D-Link patches critical router flaws, says more fixes to come | nakedsecurity.sophos.com | 3/4/2015
Threat Spotlight: Angler Lurking in the Domain Shadows | blogs.cisco.com | 3/3/2015
D-Link Routers Haunted by Remote Command Injection Bug | threatpost.com | 3/2/2015
Netwire RAT Behind Recent Targeted Attacks | blogs.mcafee.com | 3/2/2015
Advisory: Seagate NAS Remote Code Execution | isc.sans.edu | 3/1/2015
PlugX APT group uses backdoor in India campaign | www.scmagazine.com | 2/27/2015
Researchers uncover signs of Superfish-style attacks | www.computerworld.com | 2/26/2015
Security Advisory – WP-Slimstat 3.9.5 and lower | blog.sucuri.net | 2/25/2015
Cisco IPv6 Denial of Service Vulnerability | www.us-cert.gov | 2/25/2015
Facebook security chap finds 10 Superfish sub-species | www.theregister.co.uk | 2/23/2015
Hackers now popping Cisco VPN portals | www.theregister.co.uk | 2/20/2015
Using Google Cloud Platform for Security Scanning | googleonlinesecurity.blogspot.com | 2/19/2015
iOS Masque Attack Revived: Bypassing Prompt for Trust and App URL Scheme Hijacking | www.fireeye.com | 2/19/2015
ISC Releases Security Updates for BIND | www.us-cert.gov | 2/18/2015
Banking Malware VAWTRAK Now Uses Malicious Macros, Abuses Windows PowerShell | blog.trendmicro.com | 2/16/2015
Carbanak Ring Steals $1 Billion from Banks | threatpost.com | 2/15/2015
Feedback and data-driven updates to Google’s disclosure policy | googleonlinesecurity.blogspot.ro | 2/13/2015
Mobile Malware Gang Steals Millions from South Korean Users | blog.trendmicro.com | 2/12/2015
Dating apps pose US corporate security risk, says IBM | www.cnbc.com | 2/11/2015
Facebook Unveils Tool For Sharing Data On Malicious Botnets | www.wired.com | 2/11/2015
Google Releases Security Update for Chrome OSwww.us-cert.gov2/10/2015
MS15-011 & MS15-014: Hardening Group Policyblogs.technet.com2/10/2015
Microsoft Security Bulletin Summary for February 2015technet.microsoft.com2/10/2015
Another day, another zero-day – Internet Explorer's turn (CVE-2015-0072)community.websense.com2/5/2015
Google Releases Security Updates for Chromewww.us-cert.gov2/5/2015
Adobe Releases Security Updates for Flash Playerwww.us-cert.gov2/5/2015
Following Exploits, Zero Day in WordPress Plugin FancyBox Patchedthreatpost.com2/5/2015
Adobe Begins Patching Third Flash Player Zero Daythreatpost.com2/4/2015
Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisementsblog.trendmicro.com2/2/2015
Outlook for iOS app "breaks" corporate security, developer sayswww.zdnet.com1/30/2015
New 'f0xy' malware is intelligent - employs cunning stealth & trickerycommunity.websense.com1/29/2015
Winnti trojan may help set stage for Skeleton Key attacks, analysts saywww.scmagazine.com1/29/2015
GHOST: Most Linux servers have a horrible, horrible vulnerability (in glibc)www.computerworld.com1/28/2015
I ain't afraid of no GHOST – securo-bodswww.theregister.co.uk1/28/2015
Apple releases security updates for OS X, iOS, Safari and AppleTVsupport.apple.com1/27/2015
Apple preparing to release Thunderstrike patchwww.zdnet.com1/26/2015
Android WiFi-Direct Denial of Servicewww.coresecurity.com1/26/2015
Adobe to release patch next week for 'critical' Flash zero-day under attackwww.zdnet.com1/23/2015
Google's Project Zero reveals three Apple OS X zero-day vulnerabilitieswww.zdnet.com1/23/2015
Adobe issues emergency fix for Flash zero-day | nakedsecurity.sophos.com | 1/23/2015
Chrome 40 promoted to stable channel, includes 62 security fixes | www.scmagazine.com | 1/22/2015
Exploit for Flash Zero Day Appears in Angler Exploit Kit | threatpost.com | 1/21/2015
Oracle E-Business suite wide open to database attack | www.channelregister.co.uk | 1/20/2015
Here’s What Helped Sony’s Hackers Break In: Zero-Day Vulnerability | www.cnbc.com | 1/20/2015
Oracle Releases January 2015 Security Advisory | www.us-cert.gov | 1/20/2015
Vulnerability in Verizon My FIOS App Allowed Users to Compromise Others’ Email Accounts | www.tripwire.com | 1/19/2015
Google goes public with more Windows bugs | www.computerworld.com | 1/16/2015
Mozilla Patches Nine Vulnerabilities With Firefox 35 | threatpost.com | 1/16/2015
Malware sites offering Oracle 'patches' | blogs.oracle.com | 1/14/2015
Attackers planting banking Trojans in industrial systems | www.theregister.co.uk | 1/13/2015
Microsoft Security Bulletin Summary for January 2015 | technet.microsoft.com | 1/13/2015
Thunderstrike - new Mac "ueberrootkit" could own your Apple forever? | nakedsecurity.sophos.com | 1/9/2015
CryptoWall ransomware variant gets new defenses | www.computerworld.com | 1/9/2015
Malvertising campaign strikes news outlets through AOL | www.zdnet.com | 1/9/2015
Evolving Microsoft's Advance Notification Service in 2015 | blogs.technet.com | 1/8/2015
Root Command Execution Flaw Haunts ASUS Routers | threatpost.com | 1/8/2015
BlackEnergy Malware Caused Ukrainian Power Outage, Confirms Researchers | www.tripwire.com | 1/5/2015
Unpatched Windows Privilege Elevation Vulnerability Details Disclosed | threatpost.com | 1/2/2015
Hackers Exploit Android Same Origin Policy Bug to Takeover Facebook Accounts | www.tripwire.com | 12/29/2014
ISC website compromised, possibly due to vulnerable WordPress plugin | www.scmagazine.com | 12/29/2014
Apple pushes out first-ever automatic security upgrade for Mac | money.cnn.com | 12/23/2014
SoakSoak Malware Campaign Evolves | threatpost.com | 12/23/2014
Cheap Black Friday/Cyber Monday Android tablets riddled with vulnerabilities and security headaches | www.zdnet.com | 12/20/2014
Alert (TA14-353A) Targeted Destructive Malware | www.us-cert.gov | 12/20/2014
ZeuS variant strikes 150 banks worldwide | www.zdnet.com | 12/19/2014
Critical Git Vulnerability Allows for Remote Code Execution | www.tripwire.com | 12/19/2014
Two Cisco Products Vulnerable to POODLE Attack on TLS | threatpost.com | 12/16/2014
Google Blacklists WordPress Sites Peddling SoakSoak Malware | threatpost.com | 12/15/2014
‘SoakSoak’ Malware Compromises More Than 100,000 WordPress Websites | www.tripwire.com | 12/15/2014
Bonus Windows updates fix other Windows updates | www.zdnet.com | 12/10/2014
Google App Engine has THIRTY flaws, says researcher | www.theregister.co.uk | 12/9/2014
Two stealthy Linux malware samples uncovered, following in Windows variants' tracks | www.zdnet.com | 12/9/2014
New ‘Fakedebuggerd’ Vulnerability Must Be Taken Seriously | www.tripwire.com | 12/7/2014
Details Emerge on Sony Wiper Malware Destover | threatpost.com | 12/4/2014
SpoofedMe Social Login Attack Discovered by IBM X-Force Researchers | securityintelligence.com | 12/4/2014
Evidence links malware to attack against Sony Pictures | www.computerworld.com | 12/4/2014
VMware vSphere product updates address security vulnerabilities - VMSA-2014-0012 | www.vmware.com | 12/4/2014
Siemens patches critical SCADA flaws likely exploited in recent attacks | www.computerworld.com | 11/27/2014
Adobe tries to fix Flash vulnerability (again) | www.computerworld.com | 11/25/2014
WordPress 4.0.1 Security Release | wordpress.org | 11/20/2014
Angler Exploit Kit Adds New Flash Exploit for CVE-2014-8440 | threatpost.com | 11/20/2014
Cybercriminals Use Citadel to Compromise Password Management and Authentication Solutions | securityintelligence.com | 11/19/2014
Drupal Core - Moderately Critical - Multiple Vulnerabilities - SA-CORE-2014-006 | www.drupal.org | 11/19/2014
Microsoft Security Bulletin MS14-068 - Critical - Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780) | technet.microsoft.com | 11/18/2014
Google Removes SSLv3 Fallback Support From Chrome | threatpost.com | 11/18/2014
Microsoft fixes critical crypto flaw, strengthens encryption for older systems | www.computerworld.com | 11/12/2014
Windows vulnerability identified as root cause in Home Depot breach | www.scmagazine.com | 11/10/2014
Alert (TA14-310A) Microsoft Ending Support for Windows Server 2003 Operating System | www.us-cert.gov | 11/10/2014
Masque Attack: All Your iOS Apps Belong to Us | www.fireeye.com | 11/10/2014
Horrible Apple iOS virus; vectored via USB: WireLurker is 'new brand of threat' [u] | www.computerworld.com | 11/6/2014
Apple addresses OS X, iOS WireLurker malware threat, C&C goes offline | www.scmagazine.com | 11/6/2014
Yosemite infested by nasty 'Rootpipe' vuln | www.theregister.co.uk | 11/4/2014
Introducing nogotofail—a network traffic security testing tool | googleonlinesecurity.blogspot.com | 11/4/2014
BlackEnergy cyberespionage group targets Linux and Cisco | www.computerworld.com | 11/4/2014
ROM – A New Version of the Backoff PoS Malware | blog.fortinet.com | 11/3/2014
Assume ‘Every Drupal 7 Site Was Compromised’ Unless Patched By Oct. 15 | threatpost.com | 10/31/2014
Popular Science site shrugs off malicious code infection | www.theregister.co.uk | 10/31/2014
Hackers Are Using Gmail Drafts to Update Their Malware and Steal Data | www.wired.com | 10/29/2014
The dangers of opening suspicious emails: Crowti ransomware | blogs.technet.com | 10/28/2014
Alert (TA14-300A) Phishing Campaign Linked with “Dyre” Banking Malware | www.us-cert.gov | 10/27/2014
Backoff malware linked to data breaches is spreading | www.computerworld.com | 10/24/2014
PHP Patches Vulnerabilities, Including Remote Code Execution Flaw | threatpost.com | 10/22/2014
Apple pushes out iOS 8.1 - kills the mobile POODLE and closes some, ahem, "backdoors" | nakedsecurity.sophos.com | 10/21/2014
Microsoft Security Advisory 3010060: Vulnerability in Microsoft OLE Could Allow Remote Code Execution | technet.microsoft.com | 10/21/2014
Adobe exploit used to spread Dyre credential stealer | www.scmagazine.com | 10/21/2014
Apple patches 144 security flaws across seven products | www.zdnet.com | 10/17/2014
Drupal SQL injection nasty leaves sites 'wide open' to attack | www.theregister.co.uk | 10/16/2014
OpenSSL Patches Four Vulnerabilities | www.us-cert.gov | 10/16/2014
Microsoft Windows 0-Day Vulnerability (CVE-2014-4114) Used by Russian Espionage Group “Sandworm” | www.tripwire.com | 10/14/2014
Retail applications hit hardest, Web Application Attack Report indicates | www.scmagazine.com | 10/9/2014
Google Fixes 159 Flaws in Chrome | threatpost.com | 10/9/2014
Multiple Vulnerabilities in Cisco ASA Software | tools.cisco.com | 10/8/2014
Yahoo confirms servers infected — but not by Shellshock | www.zdnet.com | 10/7/2014
Shellshock attackers targeting NAS devices | www.computerworld.com | 10/2/2014
Serious Hypervisor Bug Fix Causes Unexpected Cloud Downtime | threatpost.com | 10/2/2014
Apple Patches Shellshock Vulnerability in Bash for OS X | threatpost.com | 9/29/2014
Hackers Are Already Using the Shellshock Bug to Launch Botnet Attacks | www.wired.com | 9/25/2014
Microsoft Starts Online Services Bug Bounty | threatpost.com | 9/23/2014
Credential-Stealing Malware Targets Salesforce Users | www.tripwire.com | 9/8/2014
Researchers discover two SQL injection flaws in WordPress security plugin | www.scmagazine.com | 9/4/2014
Twitter swaps kudos for cash with launch of bug bounty security program | www.zdnet.com | 9/4/2014
Patch Tuesday Includes Another IE Update; Vuln Disclosures Up | threatpost.com | 9/4/2014
Firefox 32.0 fixes holes, shakes out some old SSL certs, introduces certificate pinning | nakedsecurity.sophos.com | 9/3/2014
Apple patches 'Find My iPhone' exploit | www.zdnet.com | 9/1/2014
Microsoft Security Bulletin MS14-045 - Important | technet.microsoft.com | 8/27/2014
New variants of POS malware 'Backoff' found as infections expand | www.scmagazine.com | 8/25/2014
Netis Routers Leave Wide Open Backdoor | blog.trendmicro.com | 8/25/2014
Akeeba Patches Bypass Vulnerability in Joomla | threatpost.com | 8/22/2014
Reveton ransomware adds powerful password stealer | www.computerworld.com | 8/20/2014
Google Fixes 12 Vulnerabilities in Chrome 36 | threatpost.com | 8/15/2014
Redmond stall means IE Java axe won't swing till September | www.theregister.co.uk | 8/14/2014
Malware no longer avoids virtual machines | www.computerworld.com | 8/13/2014
Two new Gameover Zeus variants in the wild | www.scmagazine.com | 8/11/2014
Critical Vulnerability Disclosed on WordPress Custom Contact Forms Plugin | blog.sucuri.net | 8/8/2014
Stay up-to-date with Internet Explorer | blogs.msdn.com | 8/8/2014
Yes, Hackers Could Build an iPhone Botnet—Thanks to Windows | www.wired.com | 8/1/2014
Backoff: New Point of Sale Malware | www.us-cert.gov | 7/31/2014
NOAA, Satellite Data, Fraught with Vulnerabilities | threatpost.com | 7/30/2014
Critical Android FakeID Bug Allows Attackers to Impersonate Trusted Apps | threatpost.com | 7/29/2014
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu | www.theregister.co.uk | 7/29/2014
How Hackers Hid a Money-Mining Botnet in Amazon’s Cloud | www.wired.com | 7/24/2014
Wordpress Sites Seeing Increased Malware, Brute Force Attacks This Week | threatpost.com | 7/23/2014
Firefox 31 has arrived - 11 bulletins, 3 critical, 0 visual surprises | nakedsecurity.sophos.com | 7/23/2014
Secondhand Point-o-Sale terminal was horrific security midden | www.theregister.co.uk | 7/21/2014
Siemens Working on Patched For OpenSSL Bugs Under Exploit | threatpost.com | 7/18/2014
WordPress plugin vulnerabilities affect 20 million downloads | www.zdnet.com | 7/17/2014
Emergency vBulletin patch fixes SQL injection vulnerability | www.computerworld.com | 7/17/2014
Crooks fling banking Trojan at Japanese smut site fans | www.theregister.co.uk | 7/16/2014
Meet ‘Project Zero,’ Google’s Secret Team of Bug-Hunting Hackers | www.wired.com | 7/15/2014
Future Java 7 patches will work on Windows XP despite end of official support | www.computerworld.com | 7/14/2014
The Father of Zeus: Kronos Malware Discovered | securityintelligence.com | 7/11/2014
Android bug lets apps make rogue phone calls | www.computerworld.com | 7/7/2014
Cisco Patches Hardcoded SSH Key Vulnerability in UCM | threatpost.com | 7/3/2014
RSA: Brazil's 'Boleto Malware' stole nearly $4 billion in two years | www.zdnet.com | 7/3/2014
Critical flaw in WordPress newsletter plug-in endangers many blogs | www.computerworld.com | 7/2/2014
Latest Microsoft Malware Takedown Causes Waves in Security Community | threatpost.com | 7/1/2014
Heartbleed still a threat: Over 300,000 servers remain exposed | www.cnet.com | 6/23/2014
Surprise Android 'KitKat' update fixes nasty OpenSSL vuln | www.theregister.co.uk | 6/20/2014
Not big, not clever: Some businesses just can't let go of Windows XP | www.zdnet.com | 6/18/2014
VMware Patches ESXi Against OpenSSL Flaw, But Many Other Products Still Vulnerable | threatpost.com | 6/12/2014
After Heartbleed, We’re Overreacting to Bugs That Aren’t a Big Deal | www.wired.com | 6/10/2014
Office, IE and Windows in line for critical fixes from Redmond | www.theregister.co.uk | 6/6/2014
Patch ready for newly-discovered Linux kernel flaw | www.zdnet.com | 6/6/2014
Flaws open gates to WordPress en-masse SEO beat-down | www.theregister.co.uk | 6/2/2014
New attack methods can 'brick' systems, defeat Secure Boot, researchers say | www.computerworld.com | 5/30/2014
Security Manager's Journal: Dealing with the heartburn of Heartbleed | www.computerworld.com | 5/19/2014
Facebook Takes Tougher Stand Against BREACH Attack | threatpost.com | 5/19/2014
Latest IE flaw being actively exploited | www.theregister.co.uk | 5/15/2014
New iPhone lock screen flaw gives hackers full access to contact list data | www.zdnet.com | 5/8/2014
Microsoft to Patch IE Again Next Week; Adobe to Clean Up Reader, Acrobat | threatpost.com | 5/8/2014
Hackers target ZOMBIE XP boxes: Get patching, Internet Explorer 8 users | www.theregister.co.uk | 5/2/2014
Windows XP stays strong despite end of support | www.cnet.com | 5/1/2014
Microsoft tells IE users how to defend against zero-day bug | www.cnet.com | 4/30/2014
After Heartbleed, NSA reveals some flaws are kept secret | www.cnet.com | 4/28/2014
'Triple handshake' bug another big problem for TLS/SSL | www.zdnet.com | 4/28/2014
Vulnerability in Internet Explorer Could Allow Remote Code Execution | technet.microsoft.com | 4/26/2014
Why It’s Insanely Easy to Hack Hospital Equipment | www.wired.com | 4/25/2014
Apple splats 'new' SSL snooping bug in iOS, OS X - but it's no Heartbleed | www.theregister.co.uk | 4/23/2014
Obamacare enrollees urged to change passwords over Heartbleed bug | www.cnbc.com | 4/21/2014
Oracle Gives Heartbleed Update, Patches 14 Products | threatpost.com | 4/21/2014
Heartbleed attack used to skip past multifactor authentication | www.cnet.com | 4/18/2014
Heartbleed Bug Sends Bandwidth Costs Skyrocketing | www.wired.com | 4/17/2014
Heartbleed Saga Escalates With Real Attacks, Stolen Private Keys | threatpost.com | 4/14/2014
CloudFlare keys snatched using Heartbleed | www.zdnet.com | 4/12/2014
VMware patches man-in-the-middle vSphere vuln | www.theregister.co.uk | 4/12/2014
Heartbleed coder admits 'oversight' but backs open source | www.cnet.com | 4/11/2014
Heartbleed: What programs are 'critical infrastructure'? | www.zdnet.com | 4/9/2014
OpenSSL Fixes Serious TLS Vulnerability | threatpost.com | 4/7/2014
Final Windows XP-Office 2003 Patch Tuesday a light one | www.zdnet.com | 4/3/2014
Facebook flashes its One Tool To Rule Them All in security threat analysis | www.theregister.co.uk | 3/26/2014
Cisco Event Response: Semiannual Cisco IOS Software Security Advisory Bundled Publication | www.cisco.com | 3/26/2014
WordPress tops for blogging and malware distribution | www.zdnet.com | 3/25/2014
Attackers Picking Off Websites Running 7-Year-Old Unsupported Versions of Linux | threatpost.com | 3/21/2014
Hackers transform EA Web page into Apple ID phishing scheme | news.cnet.com | 3/19/2014
Microsoft touts study showing the cost of pirated software | news.cnet.com | 3/19/2014
Beware this big iOS flaw -- and it's not alone | news.cnet.com | 3/17/2014
Word Zero Day Attacks Use Complex Chain of Exploits | threatpost.com | 3/15/2014
SCADA Vulnerabilities Identified in Power, Petrochemical Plants | threatpost.com | 3/14/2014
DDoS attack is launched from 162,000 WordPress sites | news.cnet.com | 3/11/2014
Apple iOS 7.1 patches 41 vulnerabilities | www.zdnet.com | 3/10/2014
Microsoft to issue Windows, IE and Silverlight patches | www.zdnet.com | 3/6/2014
Cisco Patches Authentication Flaw in Wireless Routers | threatpost.com | 3/6/2014
Google Fixes Nearly 20 Bugs in Chrome 33 | threatpost.com | 3/4/2014
Cisco launches Internet of Things security challenge | www.zdnet.com | 3/3/2014
Apple issues many security updates for OS X, including Lion and Mountain Lion | www.zdnet.com | 2/26/2014
New security flaw opens iPhone, iPads to covert keylogging | www.zdnet.com | 2/25/2014
Pony up: Botnet successfully targets Bitcoin | www.theregister.co.uk | 2/25/2014
Apple vows to fix Mac SSL encryption bug 'very soon' | www.zdnet.com | 2/23/2014
Apple security update fixes iOS vulnerability | news.cnet.com | 2/21/2014
Attackers scanning for Symantec Endpoint Protection Manager flaw | www.zdnet.com | 2/18/2014
More Trouble for Linksys Home, Small Office Routers | threatpost.com | 2/18/2014
IE 10 zero-day attack targets US military | www.zdnet.com | 2/14/2014
Syrian Electronic Army hacks Forbes, steals user data | news.cnet.com | 2/14/2014
Suspected Mass Exploit Against Linksys E1000 / E1200 Routers | isc.sans.edu | 2/13/2014
Change your passwords: Comcast hushes, minimizes serious hack | www.zdnet.com | 2/9/2014
The Internet is Broken–Act Accordingly | threatpost.com | 2/7/2014
Light Microsoft Patch Load Precedes MD5 Deprecation | threatpost.com | 2/6/2014
Uncle Sam: I want you to sell me malware | www.zdnet.com | 2/6/2014
Adobe issues emergency Flash update for Windows and Mac | news.cnet.com | 2/4/2014
Cross-Platform Java bot found | www.zdnet.com | 1/29/2014
Android VPN Bypass Vulnerability Affects KitKat As Well As Jelly Bean | threatpost.com | 1/28/2014
Cisco patches backdoor in WAP4410N Wireless-N Access Point | www.zdnet.com | 1/24/2014
New Android Malware Steals SMS Messages, Intercepts Calls | threatpost.com | 1/22/2014
Don't be a DDoS dummy: Patch your NTP servers, plead infosec bods | www.theregister.co.uk | 1/21/2014
Android Vulnerability Enables VPN Bypass | threatpost.com | 1/20/2014
Oracle E-Business suite wide open to database attack | www.channelregister.co.uk | 1/20/2014
Starbucks App Stores User Information, Passwords in Clear Text | threatpost.com | 1/15/2014
Google Blocks Malicious File Downloads Automatically in Chrome | threatpost.com | 1/14/2014
More retailers hit by security breaches; malware found on Target's POS machines | www.zdnet.com | 1/13/2014
Oracle, Adobe Announce First Critical Patches of 2014 | threatpost.com | 1/10/2014
OpenSUSE forums hacked in ANOTHER vBulletin attack | www.theregister.co.uk | 1/8/2014
Teen Reported to Police After Finding Security Hole in Website | www.wired.com | 1/8/2014
The Internet of Things Is Wildly Insecure — And Often Unpatchable | www.wired.com | 1/6/2014
Gaping admin access holes found in SoHo routers from Linksys, Netgear and others | nakedsecurity.sophos.com | 1/3/2014
Windows Error Reporting Exposes Your Vulnerabilities | securitywatch.pcmag.com | 1/2/2014
Snapchat API has several vulnerabilities, researchers report | www.scmagazine.com | 12/27/2013
Researchers publish Snapchat code allowing phone number matching after exploit disclosures ignored | www.zdnet.com | 12/25/2013
Researchers report security flaw in Samsung's Galaxy S4 | news.cnet.com | 12/24/2013
CryptoLocker Creators Infected Nearly 250,000 Systems, Earned $300k Since September | threatpost.com | 12/20/2013
Apple OS X Mavericks Update Patches Safari, WebKit | threatpost.com | 12/17/2013
Safari on Mac OS exposes web login credentials | www.zdnet.com | 12/13/2013
Android 4.4.2 Update Fixes Flash SMS DoS Vulnerability | threatpost.com | 12/12/2013
Microsoft To Patch TIFF Zero Day; Wait Til Next Year for XP Zero Day Fix | threatpost.com | 12/5/2013
Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet | www.wired.com | 12/5/2013
VMware Patches Privilege Escalation Vulnerability | threatpost.com | 12/4/2013
Your browser may be up to date: But what about the PLUGINS? | www.theregister.co.uk | 12/2/2013
Google Nexus phones reportedly susceptible to SMS attacks | news.cnet.com | 11/29/2013
Bitcoin developers offer $10,000 virtual bounty to fix mystery Mac bug | www.zdnet.com | 11/26/2013
Ruby on Rails CookieStore Vulnerability Plagues Prominent Websites | threatpost.com | 11/26/2013
Rackspace patches Windows Updater vuln | www.theregister.co.uk | 11/24/2013
Hack-a-thon Finds 220 Bugs in Facebook, Google, Etsy | securitywatch.pcmag.com | 11/22/2013
OS X Mountain Lion: Still unsupported and vulnerable | www.zdnet.com | 11/22/2013
FBI: Anonymous has been exploiting Adobe flaws in year-long, ongoing assault on US government sites | nakedsecurity.sophos.com | 11/20/2013
Old JBoss vuln in the wild, needs patching | www.theregister.co.uk | 11/19/2013
JBoss Attacks Up Since Exploit Code Disclosure | threatpost.com | 11/19/2013
vBulletin Zero Day Used to Attack Popular Forums | threatpost.com | 11/18/2013
Apple iOS 7.04 Fixes App Store Purchase Flaw | threatpost.com | 11/15/2013
Linux backdoor squirts code into SSH to keep its badness buried | www.theregister.co.uk | 11/15/2013
IE zero-day is targeted, sophisticated | www.zdnet.com | 11/11/2013
Microsoft plans to address zero-day IE bug on Tuesday | news.cnet.com | 11/11/2013
OpenSSH Fixes Memory Corruption Bug With Update | threatpost.com | 11/11/2013
Microsoft, Facebook unite for Internet Bug Bounty program | news.cnet.com | 11/7/2013
Twitter Fixes Bug that Enabled Takeover of Any Account | threatpost.com | 11/6/2013
Following Controversy, Yahoo Officially Launches Bug Bounty Program | threatpost.com | 11/4/2013
Microsoft security research paints bleak picture for XP users | www.zdnet.com | 10/29/2013
PHP.net resets passwords after malware flinging HACK FLAP | www.theregister.co.uk | 10/25/2013
Cisco Fixes DoS, Remote Code Execution Bugs in Six Products | threatpost.com | 10/24/2013
NETGEAR ReadyNAS Storage Vulnerable to Serious Command-Injection Flaw | threatpost.com | 10/22/2013
VMware Patches Flaws in ESX, vCenter | threatpost.com | 10/18/2013
Researchers Uncover Holes That Open Power Stations to Hacking | www.wired.com | 10/16/2013
Oracle Quarterly Update Includes Patches for 50 Remotely Executable Java Bugs | threatpost.com | 10/16/2013
Microsoft-DS no longer hackers' top target | news.cnet.com | 10/16/2013
Back door found in D-Link routers | www.theregister.co.uk | 10/13/2013
Google to Pay Rewards For Patches to Open Source Projects | threatpost.com | 10/10/2013
Moscow cops cuff suspect in Blackhole crimeware bust | www.theregister.co.uk | 10/10/2013
Android adware that MUST NOT BE NAMED threatens MILLIONS | www.theregister.co.uk | 10/8/2013
Researcher Takes Home $100k Prize From Microsoft For New Attack | threatpost.com | 10/8/2013
Researchers Nab $28k in Microsoft Bug Bounty Program | threatpost.com | 10/7/2013
Hold in there, Internet Explorer peeps: Gaping zero-day fix coming Tues | www.theregister.co.uk | 10/4/2013
iOS 7's Airplane mode 'can be exploited for iPhone account hijack attack' | www.zdnet.com | 10/4/2013
Yahoo changes bug bounty policy following 't-shirt gate' | www.zdnet.com | 10/3/2013
Internet Explorer exploit release could trigger a surge in attacks | news.cnet.com | 10/2/2013
Having a bug bounty doesn't mean you take security seriously | www.zdnet.com | 10/1/2013
Three New Attacks Using IE Zero-Day Exploit | threatpost.com | 10/1/2013
Yahoo offers its first tepid bug bounty | news.cnet.com | 9/30/2013
Cisco IOS Update Patches Eight Vulnerabilities | threatpost.com | 9/26/2013
Security Issue in Ruby on Rails Could Expose Cookies | threatpost.com | 9/25/2013
Cisco launches open-source tool for penetration testers | www.zdnet.com | 9/25/2013
Announcing the IBM X-Force 2013 Mid-Year Trend and Risk Report | securityintelligence.com | 9/24/2013
Compromised Japanese Media Sites Serving Exploits for Latest IE Zero Day | threatpost.com | 9/23/2013
Unpatched Internet Explorer vulnerability details emerge | www.zdnet.com | 9/23/2013
New OS X Trojan found and blocked by Apple's XProtect | reviews.cnet.com | 9/22/2013
Apple promises to fix iOS 7 lock screen hack | news.cnet.com | 9/19/2013
Firefox 24 fixes many serious vulnerabilities | www.zdnet.com | 9/18/2013
NASDAQ Fixes XSS 2 Weeks After Bug Reported | threatpost.com | 9/17/2013
BlackBerry Patches Flash, WebKit and Libexif Flaws on Mobile Devices | threatpost.com | 9/11/2013
Internet Census 2012 Data: Millions of Devices Vulnerable by Default | threatpost.com | 9/11/2013
Microsoft Security Bulletin Summary for September 2013 | technet.microsoft.com | 9/10/2013
Clear next Tues: Incoming Outlook, IE, Windows critical security patches | www.theregister.co.uk | 9/6/2013
NSA Laughs at PCs, Prefers Hacking Routers and Switches | www.wired.com | 9/4/2013
Cisco Warns Users of Four Vulnerabilities | threatpost.com | 9/3/2013
Apple Mac flaw gives hackers 'super status,' root access | www.zdnet.com | 8/30/2013
Java 6 users vulnerable to zero day flaw, security experts warn | www.zdnet.com | 8/29/2013
Office 2003 soon to lose support too | www.zdnet.com | 8/28/2013
Millions of Android users vulnerable to security threats, say feds | www.zdnet.com | 8/26/2013
Pinterest Closes Hole That Allowed Anyone to View Users’ Email Addresses | threatpost.com | 8/26/2013
VMware Patches Root Privilege-Escalation Flaw | threatpost.com | 8/23/2013
Google Chrome 29 Fixes 25 Vulnerabilities | threatpost.com | 8/20/2013
Jigsaw Pen-Testing Tool Spotted in Attacks | threatpost.com | 8/19/2013
Researcher posts Facebook bug report to Mark Zuckerberg's wall | news.cnet.com | 8/18/2013
Google confirms Android flaw that led to Bitcoin theft | news.cnet.com | 8/14/2013
Google to quintuple some bug bounties | news.cnet.com | 8/13/2013
BIND Vulnerability Enables DNS Cache Poisoning Attack | threatpost.com | 8/13/2013
BYOD Gives Vulnerable Devices Corporate Network Access | threatpost.com | 8/9/2013
HP plugs password-leaking printer flaw | www.theregister.co.uk | 8/8/2013
Critical IE, Exchange Updates on Tap in August Patch Tuesday Release | threatpost.com | 8/8/2013
Chrome password security issue stirs debate | news.cnet.com | 8/7/2013
Fort Disco Brute-Force Attack Campaign Targets CMS Websites | threatpost.com | 8/7/2013
Remotely Exploitable Bug Affects Wide Range of Cisco TelePresence Systems | threatpost.com | 8/7/2013
Black Hat: Mobile carriers react quickly to major SIM card vulnerability | www.scmagazine.com | 8/2/2013
Apple to Fix ‘Fake USB Charger’ Flaw in iOS 7 | threatpost.com | 8/1/2013
Mozilla, Blackberry Join Forces To Advance Peach Fuzzer | threatpost.com | 7/30/2013
Personal data on 72,000 staff taken in University of Delaware hack | nakedsecurity.sophos.com | 7/30/2013
ISC announces BIND 9 DoS Vulnerability and patch update | isc.sans.edu | 7/26/2013
Malicious Android master key apps found in China: Symantec | www.theregister.co.uk | 7/25/2013
Apple hack exploited with new phishing campaign | www.zdnet.com | 7/25/2013
PayPal opens bug bounty program to minors | www.computerworld.com | 7/25/2013
US Top Source of Web-Based Attacks; Retailers Heavily Targeted | threatpost.com | 7/24/2013
E-shopkeepers stabbed with SQL needles 'twice' as much as other sites | www.theregister.co.uk | 7/23/2013
Failure to clean up old Java is leaving enterprises vulnerable to attack | www.zdnet.com | 7/22/2013
SIM cards vulnerable to hacking, says researcher | www.computerworld.com | 7/22/2013
Tumblr Fixes Password-Sniffing Bug on iPad, iPhone | threatpost.com | 7/18/2013
Oracle releases July patch batch... with 27 fixes for remote exploits | www.theregister.co.uk | 7/17/2013
Third-party app released to fix Bluebox Security Android hole | www.zdnet.com | 7/17/2013
Amazon 1Button Browser Add-On Leaks Data in Plain Text | threatpost.com | 7/16/2013
Sony to pay £250,000 fine for PlayStation Network breach | nakedsecurity.sophos.com | 7/16/2013
Android should embrace a Windows-style security update model | www.zdnet.com | 7/15/2013
Practical IT: How to plan against threats to your business | nakedsecurity.sophos.com | 7/12/2013
Targeted attacks exploit now-patched Windows bug revealed by Google engineer | www.computerworld.com | 7/12/2013
Microsoft to Pay First Bug Bounty for IE 11 | threatpost.com | 7/11/2013
Proof-of-concept exploit available for Android app signature check vulnerability | www.computerworld.com | 7/9/2013
July Patch Tuesday Updates Expected to Include Fix for Ormandy Kernel Bug | threatpost.com | 7/8/2013
FAA Called Out for Lax Information Security Controls | threatpost.com | 7/8/2013
Vulns 'like a hacker camped in the server room' all across the net | www.theregister.co.uk | 7/4/2013
Several Flaws Discovered in ZRTPCPP Library Used in Secure Phone Apps | www.computerworld.com | 6/30/2013
Latest WordPress Update Patches Seven Vulnerabilities | threatpost.com | 6/25/2013
Common Web Vulnerabilities Plague Top WordPress Plug-Ins | threatpost.com | 6/20/2013
Apple pours OS X Snow Leopard another Java fix | www.computerworld.com | 6/19/2013
Microsoft Launches $100,000 Bug Bounty Program | threatpost.com | 6/19/2013
Scores of vulnerable SAP deployments uncovered | www.scmagazine.com.au | 6/18/2013
Oracle releases Java update to close 37 high-risk vulnerabilities | www.scmagazine.com | 6/18/2013
DHS warns of vulns in hospital medical equipment | www.theregister.co.uk | 6/14/2013
Critical Java SE update due Tuesday fixes 40 flaws | www.theregister.co.uk | 6/14/2013
FDA Warns Medical Device Manufacturers to Take Security More Seriously | threatpost.com | 6/13/2013
Microsoft patches critical IE vulnerabilities and actively exploited Office flaw | www.computerworld.com | 6/11/2013
IRC Botnet Leveraging Unpatched Plesk Vulnerability | threatpost.com | 6/10/2013
Five Bulletins, One Critical in Microsoft’s June Patch | threatpost.com | 6/6/2013
FBI and Microsoft in massive takedown of "Citadel" crimeware | nakedsecurity.sophos.com | 6/6/2013
Google Ships 12 Security Patches in Latest Chrome Update | threatpost.com | 6/5/2013
Apple's OS X and Safari get biggish security fixes | nakedsecurity.sophos.com | 6/5/2013
Rise in Red Kit Exploit Kit Activity | research.zscaler.com | 6/1/2013
VMware releases new and updated security advisories | isc.sans.edu | 5/31/2013
Hackers exploit Ruby on Rails vulnerability to compromise servers, create botnet | www.computerworld.com | 5/29/2013
Google Advocates 7-Day Deadline to Publicize Critical Vulnerabilities | threatpost.com | 5/29/2013
Drupal resets account passwords after detecting unauthorized access | www.computerworld.com | 5/29/2013
Apple patches security holes in QuickTime on Windows | www.zdnet.com | 5/24/2013
EMC vuln gives mere sysadmins the power of storage admins | www.theregister.co.uk | 5/19/2013
IE10 beats Chrome, Safari, Firefox at blocking web malware | www.zdnet.com | 5/15/2013
Firefox 21 Fixes Three Critical Flaws, Introduces New Health Report | threatpost.com | 5/15/2013
Microsoft Security Bulletin Summary for May 2013 | technet.microsoft.com | 5/14/2013
Microsoft warns of new Trojan hijacking Facebook accounts | news.cnet.com | 5/12/2013
May's Patch Tuesday to fix two critical flaws in Internet Explorer | www.zdnet.com | 5/10/2013
Microsoft plasters IE8 hole abused in nuke lab PC meltdown | www.theregister.co.uk | 5/9/2013
Hacked DNS Servers Used in Linux/Cdorked Malware Campaign | threatpost.com | 5/8/2013
D.C. Media Sites Hacked, Serving Fake AV | threatpost.com | 5/7/2013
U.S. Department of Labor website was serving zero-day Internet Explorer 8 exploit | www.scmagazine.com | 5/6/2013
IE8 zero-day flaw targets U.S. nuke researchers; all versions of Windows affected | www.zdnet.com | 5/5/2013
Cameras leak credentials, live video | www.theregister.co.uk | 5/1/2013
Oracle slaps critical patch on insecure Java | www.theregister.co.uk | 4/17/2013
ACLU complains to FTC that mobile carriers leave Android phones unsecured | www.computerworld.com | 4/17/2013
Oracle critical patch plugs 128 security vulns | www.theregister.co.uk | 4/16/2013
Online Poker Rooms Fraught With Vulnerabilities | threatpost.com | 4/15/2013
Wireless IP cameras open to hijacking over the Internet, researchers say | www.computerworld.com | 4/11/2013
Adobe Ships Fixes for Flash, ColdFusion and Shockwave in April Patch Release | threatpost.com | 4/9/2013
Microsoft's April Patch Tuesday brings no Pwn2Own fix | www.computerworld.com | 4/9/2013
Microsoft to patch IE10 Pwn2Own bugs next week, says security expert | www.computerworld.com | 4/4/2013
Firefox 20 Fixes 11 Critical Flaws, Adds Per-Tab Private Browsing | threatpost.com | 4/2/2013
Outdated Java weak spots are widespread, Websense says | news.cnet.com | 3/27/2013
XSS Flaw in WordPress Plugin Allows Injection of Malicious Code | threatpost.com | 3/25/2013
Cloud security service protects WordPress content | www.zdnet.com | 3/19/2013
Huawei USB modems vulnerable | www.theregister.co.uk | 3/17/2013
Apple updates Mountain Lion, patches Safari | www.computerworld.com | 3/15/2013
Reckless IT pros are missing security holes in non-Microsoft software | www.zdnet.com | 3/15/2013
Third-Party Applications to Blame for 87 Percent of Vulnerabilities Last Year | threatpost.com | 3/15/2013
Attack Exploits Weakness in RC4 Cipher to Decrypt User Sessions | threatpost.com | 3/14/2013
Tripwire buys nCircle | www.theregister.co.uk | 3/11/2013
HP, CERT Warn of Critical Hole in LaserJet Printers | threatpost.com | 3/11/2013
Apple, Facebook hackers hit car and candy companies too | news.cnet.com | 3/11/2013
Microsoft preps UPDATE ALL THE THINGS security patch batch | www.theregister.co.uk | 3/8/2013
Java zero-day malware 'was signed with certificates stolen from security vendor' | www.zdnet.com | 3/4/2013
Oracle releases emergency fix for Java zero-day exploit | www.computerworld.com | 3/4/2013
Researchers warn of new Java exploit being used by attackers | www.computerworld.com | 3/1/2013
Adobe Patches Two Critical Flash Player Vulnerabilities | threatpost.com | 2/26/2013
HTC Settlement Could Alter Mobile Security and Privacy Landscape | threatpost.com | 2/25/2013
Zendesk says breach compromised email addresses | www.computerworld.com | 2/22/2013
HTC settles with FTC over software security vulnerabilities | news.cnet.com | 2/22/2013
VMware promises better security, considers scheduled patches | www.theregister.co.uk | 2/20/2013
Facebook, Apple hacks could affect anyone: Here's what you can do | www.zdnet.com | 2/20/2013
iOS 6.x hack allows personal data export, free calls | www.theregister.co.uk | 2/15/2013
Banking apps not safe from OS vulnerabilities | www.zdnet.com | 2/15/2013
Facebook hit by 'sophisticated attack'; Java zero-day exploit to blame | www.zdnet.com | 2/15/2013
Adobe confirms targeted attacks due to security hole in Reader | news.cnet.com | 2/14/2013
Adobe Recommends Protected View as Temporary Zero Day Mitigation | threatpost.com | 2/14/2013
Don't open that PDF: There's an Adobe Reader zero-day on the loose | www.zdnet.com | 2/13/2013
Microsoft monthly patches touch Exchange, Windows, Explorer | www.computerworld.com | 2/12/2013
Yahoo! Pushing Java Version Released in 2008 | krebsonsecurity.com | 2/11/2013
Change your passwords: Comcast hushes, minimizes serious hack | www.zdnet.com | 2/9/2013
Patch Tuesday: IE at risk of malware attacks; 57 flaws in total | www.zdnet.com | 2/8/2013
Adobe releases emergency Flash fixes for two zero-day bugs | www.computerworld.com | 2/8/2013
Critical cURL library flaw could expose many apps to hackers | www.computerworld.com | 2/8/2013
Vulnerability Lets Hackers Control Building Locks, Electricity, Elevators and More | www.wired.com | 2/6/2013
Apple blocks Java on the Mac over security concerns | www.theregister.co.uk | 2/1/2013
New bug makes moot Java's latest anti-exploit defenses, claims researcher | www.computerworld.com | 1/28/2013
Backdoors Mitigated in a Number of Barracuda Networks Products | threatpost.com | 1/24/2013
iPhone hackers hint at progress towards iOS 6 jailbreak | www.computerworld.com | 1/21/2013
College Student Expelled After Bringing Web Vulnerability to School's Attention | threatpost.com | 1/21/2013
Security Firms Warn Users of Fake Java Updates | threatpost.com | 1/21/2013
Patient data revealed in medical device hack | www.scmagazine.com | 1/17/2013
Researchers Claim Linksys Routers Vulnerable to Remote Root Exploit | threatpost.com | 1/16/2013
Oracle Releases 86 Patches in its January Critical Patch Updatethreatpost.com1/16/2013
China's Android users warned of giant botnetwww.theregister.co.uk1/15/2013
ADP-Themed Phishing Emails Lead to Blackhole Sitesthreatpost.com1/14/2013
Homeland Security still advises disabling Java, even after updatenews.cnet.com1/14/2013
Microsoft to patch Internet Explorer zero-day flaw todaywww.zdnet.com1/14/2013
YOUR Cisco VoIP phone is easily TAPPED, warns CompSci profwww.theregister.co.uk1/14/2013
Oracle releases software update to fix Java vulnerabilitynews.cnet.com1/13/2013
Bank DDoS Attacks Using Compromised Web Servers as Botsthreatpost.com1/11/2013
New tool jailbreaks Microsoft Surface slabs in 20 SECONDSwww.theregister.co.uk1/11/2013
Mozilla touts 'Click to Play' in defense against Java vulnerabilitywww.zdnet.com1/11/2013
Chrome 24 Fixes More Than 20 Flawsthreatpost.com1/10/2013
Nasty New Java Zero Day Found; Exploit Kits Already Have Itthreatpost.com1/10/2013
Adobe warns of critical ColdFusion hole being exploited in the wildwww.zdnet.com1/8/2013
5 key security threats in 2013www.zdnet.com1/8/2013
Facebook Patches Password Reset Vulnerabilitythreatpost.com1/8/2013
Adobe Patches Acrobat, Reader and Flash Flawsthreatpost.com1/8/2013
Microsoft kicks off 2013 with clutch of critical Windows updateswww.computerworld.com1/8/2013
Researchers: We've cracked Microsoft fix for Windows IE zero day exploitwww.zdnet.com1/7/2013
Samsung rolls out Exynos patch to Galaxy S3 handsetswww.zdnet.com1/4/2013
Latest IE attacks connected to espionage groupwww.scmagazine.com1/4/2013
Researchers Bypass Microsoft Fix It for IE Zero Daythreatpost.com1/4/2013
Ruby on Rails has SQL injection vulnwww.theregister.co.uk1/3/2013
Microsoft to open year with seven patcheswww.scmagazine.com1/3/2013
Microsoft issues 'fix it' for IE vulnerabilitywww.computerworld.com1/1/2013
Facebook Patches Webcam Snooping Vulnerability | threatpost.com | 12/31/2012
Microsoft Responds to IE Zero Day Used in CFR Watering Hole Attack | threatpost.com | 12/31/2012
Microsoft confirms zero-day bug in IE6, IE7 and IE8 | www.computerworld.com | 12/29/2012
Mobile threats predicted top concern for 2013 | www.scmagazine.com | 12/28/2012
New WordPress vuln emerges | www.theregister.co.uk | 12/27/2012
Exploring the Market for Stolen Passwords | krebsonsecurity.com | 12/26/2012
Google to scan Chrome extensions, bans auto-install | www.theregister.co.uk | 12/23/2012
Samsung aims to fix severe Android device vulnerability | www.zdnet.com | 12/20/2012
VMware Patches Directory Traversal Vulnerability in View Server and Security Server | threatpost.com | 12/19/2012
Shocking Delay in Fixing Adobe Shockwave Bug | krebsonsecurity.com | 12/19/2012
Oracle Adds Ability to Prevent Java Apps From Running in Browsers | threatpost.com | 12/18/2012
Cisco VoIP Phone Hacked, Turned into Listening Device | threatpost.com | 12/17/2012
Security flaw found in Samsung handsets, tablets | www.zdnet.com | 12/17/2012
Egyptian hacker claims to find Yahoo flaws | www.computerworld.com | 12/16/2012
Mac OS X users targeted in SMS scam | www.scmagazine.com | 12/12/2012
Microsoft fixes critical Windows 8, IE10 flaws for Patch Tuesday | www.zdnet.com | 12/11/2012
‘Sanny’ Malware Targeting Russian Space, IT, Telecom Industries | threatpost.com | 12/11/2012
ExploitHub admits 'embarrassing oversight' led to hack | www.computerworld.com | 12/11/2012
Necurs Rootkit Infections Way Up | threatpost.com | 12/7/2012
Microsoft Fixing 11 Vulnerabilities for December Patch Tuesday | threatpost.com | 12/6/2012
Instagram vulnerability on iPhone allows for account takeover | www.computerworld.com | 12/2/2012
Forget Disclosure Hackers Should Keep Security Holes to Themselves | www.wired.com | 11/29/2012
WCSU Alerts Students and Families Their Personal Data Exposed | threatpost.com | 11/29/2012
Researchers Remotely Control Smart Cards with Malware PoC | threatpost.com | 11/20/2012
VMware Security Update Fixes DoS, Other Vulnerabilities | threatpost.com | 11/16/2012
Slide Show: The Vulnerability 'Usual Suspects' Of 2012 | www.darkreading.com | 11/16/2012
Skype Restores Password Resets, Repairs Flaw that Allows Account Hijacking | threatpost.com | 11/14/2012
Microsoft Update Includes Critical Security Update for IE 9, First Patches for Windows 8, RT | threatpost.com | 11/13/2012
3 Ways To Get Executives To Listen About Risk | www.darkreading.com | 11/2/2012
Ten Ways To Secure Web Data Under PCI | www.darkreading.com | 10/29/2012
DDoS and SQL injection are the most popular attack subjects | www.infosecurity-magazine.com | 10/29/2012
McAfee debuts data center security suites for physical, cloud environments | www.zdnet.com | 10/16/2012
Zero-Day Attacks Thrive for Months Before Disclosure | threatpost.com | 10/16/2012
Microsoft Security Bulletin Summary for October 2012 | technet.microsoft.com | 10/9/2012
Botnet Spotted Silently Scanning IPv4 Address Space For Vulnerable VoIP | www.darkreading.com | 10/4/2012
The Rise of Data-Driven Security | threatpost.com | 10/1/2012
DSL modem hack used to infect millions with banking fraud malware | arstechnica.com | 10/1/2012
Over half of Android devices have unpatched vulnerabilities, report says | www.csoonline.com | 9/14/2012
Old Operating Systems Die Harder | www.darkreading.com | 9/11/2012
Virtual Machine Escape Exploit Targets Xen | threatpost.com | 9/6/2012
New Attack Uses SSL/TLS Information Leak to Hijack HTTPS Sessions | threatpost.com | 9/5/2012
Chorus Grows Louder to Disable Java 7 After Exploit Hits Mainstream | threatpost.com | 8/29/2012
As Bug Bounty Programs Mature, Still More Room For Growth | threatpost.com | 8/17/2012
Serious Vulnerabilities Remain in Reader After Huge Patch Release, Researchers Say | threatpost.com | 8/15/2012
Reuters was using old WordPress version when it was hacked | www.zdnet.com | 8/6/2012
Criminals target firms with rogue emails from payroll services providers | www.computerworld.com | 8/6/2012
Reuters hacked, fake news posted | www.zdnet.com | 8/3/2012
Microsoft tool shows whether apps pose danger to Windows | www.computerworld.com | 8/3/2012
Siemens squashes Stuxnet-like bugs in SCADA kit | www.theregister.co.uk | 7/25/2012
Vulnerabilities in Gadgets Could Allow Remote Code Execution | www.technolog.msnbc.msn.com | 7/10/2012
FTC sues Wyndham hotels over data breaches | news.cnet.com | 6/26/2012
Whitelisting is the solution for the national infrastructure | www.infosecurity-magazine.com | 6/21/2012
Hackers exploit Windows XML Core Services flaw | www.csoonline.com | 6/20/2012
Attack code published for 'critical' IE flaw; Patch your browser now | www.zdnet.com | 6/18/2012
Apple hustles, patches Java bugs same day as Oracle | www.computerworld.com | 6/14/2012
Microsoft Security Bulletin Summary for June 2012 | technet.microsoft.com | 6/12/2012
MySQL vulnerability allows attackers to bypass password verification | www.computerworld.com | 6/11/2012
Adobe patches critical Flash Player holes; adds support for Mac OS X Gatekeeper | www.zdnet.com | 6/8/2012
The six most dangerous infosec attacks | www.scmagazine.com.au | 3/7/2012
Trojan appears that leverages patched Microsoft Office flaw | www.scmagazine.com | 2/9/2012
Hackers claim to have penetrated Foxconn backdoor | www.theregister.co.uk | 2/9/2012
Flaw in Home Security Cameras Exposes Live Feeds to Hackers | www.wired.com | 2/7/2012
Cyber Attacks Becoming Top Terror Threat, FBI Says | informationweek.com | 2/1/2012
Possible New Zero-Day Windows 7 Flaw Under Investigation | www.darkreading.com | 12/22/2011
Vulnerabilities give hackers ability to open prison cells from afar | arstechnica.com | 11/7/2011
***The Government Model: The State Department's approach to cybersecurity is so innovative and effective that companies are clamoring to copy it | online.wsj.com | 9/26/2011
The Inside Story of SQL Slammer | threatpost.com | 10/20/2010
White Papers
McAfee Labs Threats Report: September 2016 | www.mcafee.com | 9/14/2016
PCI DSS Penetration Testing Guidance | www.pcisecuritystandards.org | 3/29/2015
McAfee Labs Threats Report: August 2014 (2nd Quarter) | www.mcafee.com | 8/31/2014
McAfee Labs Threats Report: June 2014 (1st Quarter) | www.mcafee.com | 6/30/2014
Microsoft Security Intelligence Report (SIR) Volume 15: January 2013 to June 2013 | www.microsoft.com | 10/31/2013
IBM X-Force 2013 Mid-Year Trend and Risk Report | www14.software.ibm.com | 9/24/2013
McAfee Threats Report: Second Quarter 2013 | www.mcafee.com | 8/21/2013
2013 Internet Security Threat Report, Volume 18 | www.symantec.com | 4/16/2013
Security Flaws in Universal Plug and Play: Unplug, Don't Play | community.rapid7.com | 1/29/2013
2013 Threats Predictions | www.mcafee.com | 1/7/2013
2012 DATA BREACH INVESTIGATIONS REPORT | www.verizonbusiness.com | 3/22/2012
Technology Security Assessment for Capabilities and Applicability in Energy Sector Industrial Control Systems | www.mcafee.com | 3/1/2012
In a Zero-Day World, It’s Active Attacks that Matter | krebsonsecurity.com | 10/1/2001
Policies
Software Maintenance Policy
Vulnerability Management Policy
Standards
FIPS 199 Standards for Security Categorization of Federal Information and Information Systems | FIPS | 2/1/2004
NIST SP 800-40 Rev. 3 Guide to Enterprise Patch Management Technologies | NIST | 7/25/2013
NIST Guide for Mapping Types of Information and Information Systems to Security Categories | NIST | 8/1/2008
NIST Appendices to Guide for Mapping Types of Information and Information Systems to Security Categories | NIST | 8/1/2008
NIST SP 800-167 Guide to Application Whitelisting | NIST | 10/30/2015
NIST SP 800-179 Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist | NIST | 12/12/2016