Vulnerability Assessment - Infoworld http://www.infoworld.com/t/2121 en

Oracle identifies products affected by Heartbleed, but work remains on fixes
http://www.infoworld.com/d/security/oracle-identifies-products-affected-heartbleed-work-remains-fixes-240629?source=rss_vulnerability_assessment
Oracle has issued a comprehensive list of its software that may or may not be affected by the OpenSSL (secure sockets layer) vulnerability known as Heartbleed (http://www.infoworld.com/t/security/5-no-bull-facts-you-need-know-about-heartbleed-right-now-240269), while warning that no fixes are yet available for some likely affected products.
Categories: Security Oracle Web Services Patch Management Vulnerability Assessment
Wed, 16 Apr 2014 15:51:54 +0000 admin 240629 at http://www.infoworld.com

Think tank challenges Heartbleed handwringing
http://www.infoworld.com/d/security/think-tank-challenges-heartbleed-handwringing-240607?source=rss_vulnerability_assessment
A think tank opinion piece that claims the threat from the Heartbleed bug (http://www.infoworld.com/t/security/5-no-bull-facts-you-need-know-about-heartbleed-right-now-240269) is overblown has sparked a debate among researchers over the seriousness of the OpenSSL flaw.
Categories: Security Cyber Crime Encryption Vulnerability Assessment
Wed, 16 Apr 2014 13:58:50 +0000 admin 240607 at http://www.infoworld.com

Rushed Heartbleed fixes may expose users to new attacks
http://www.infoworld.com/d/security/rushed-heartbleed-fixes-may-expose-users-new-attacks-240597?source=rss_vulnerability_assessment
In the race to protect themselves from the Heartbleed (http://www.infoworld.com/t/security/5-no-bull-facts-you-need-know-about-heartbleed-right-now-240269) vulnerability, enterprises could be opening themselves up to new attacks if they aren't careful.
Perpetrators of some of the most virulent cyberattacks on the Internet will try to take advantage of the chaos that's bound to occur in some IT shops as administrators and developers hurriedly respond to Heartbleed, the widespread OpenSSL flaw that was discovered last week, a top researcher at Kaspersky Lab said.
Categories: Security Encryption Open Source Software Patch Management Vulnerability Assessment
Wed, 16 Apr 2014 11:16:08 +0000 admin 240597 at http://www.infoworld.com

VMware promises Heartbleed patches for affected products by the weekend
http://www.infoworld.com/d/security/vmware-promises-heartbleed-patches-affected-products-the-weekend-240538?source=rss_vulnerability_assessment
VMware started patching its products against the critical Heartbleed flaw (http://www.infoworld.com/t/security/5-no-bull-facts-you-need-know-about-heartbleed-right-now-240269) that puts encrypted communications at risk, and plans to have updates ready for all affected products by Saturday.
Categories: Security Encryption Patch Management Vulnerability Assessment
Tue, 15 Apr 2014 16:13:16 +0000 admin 240538 at http://www.infoworld.com

Obama backs disclosing software vulnerabilities in most cases
http://www.infoworld.com/d/security/obama-backs-disclosing-software-vulnerabilities-in-most-cases-240404?source=rss_vulnerability_assessment
The administration of U.S. President Barack Obama favors disclosing to the public vulnerabilities in commercial and open source software in the national interest, unless there is a national security or law enforcement need, the country's spy agency said.
Categories: Security The Industry Standard Application Security Vulnerability Assessment Government
Mon, 14 Apr 2014 12:21:26 +0000 admin 240404 at http://www.infoworld.com

Tests confirm Heartbleed bug can expose server's private key
http://www.infoworld.com/d/security/tests-confirm-heartbleed-bug-can-expose-servers-private-key-240403?source=rss_vulnerability_assessment
Four researchers working separately have demonstrated a server's private encryption key can be obtained using the Heartbleed bug, an attack thought possible but unconfirmed.
The findings come shortly after a challenge created by CloudFlare, a San Francisco-based company that runs a security and redundancy service for website operators.
Categories: Security Data Loss Prevention Data Security Encryption Open Source Software Vulnerability Assessment Web Security
Mon, 14 Apr 2014 12:00:32 +0000 admin 240403 at http://www.infoworld.com

Akamai admits its OpenSSL patch was faulty, reissues keys
http://www.infoworld.com/d/security/akamai-admits-its-openssl-patch-was-faulty-reissues-keys-240405?source=rss_vulnerability_assessment
Akamai Technologies, whose network handles up to 30 percent of all Internet traffic, said Sunday a researcher found a fault in custom code that the company thought shielded most of its customers from the Heartbleed bug (http://www.infoworld.com/t/security/5-no-bull-facts-you-need-know-about-heartbleed-right-now-240269).
As a result, Akamai is now reissuing all SSL (Secure Sockets Layer) certificates and security keys used to create encrypted connections between its customers' websites and visitors to those sites.
Categories: Security Data Security Encryption Open Source Software Vulnerability Assessment Web Security
Mon, 14 Apr 2014 11:45:35 +0000 admin 240405 at http://www.infoworld.com

Don't overlook URL fetching agents when fixing Heartbleed flaw on servers, researchers say
http://www.infoworld.com/d/security/dont-overlook-url-fetching-agents-when-fixing-heartbleed-flaw-servers-researchers-say-240335?source=rss_vulnerability_assessment
Website operators should assess their whole Web infrastructure when patching the critical Heartbleed flaw in OpenSSL (http://www.infoworld.com/d/security/the-heartbleed-openssl-flaw-worse-you-think-240231), otherwise they risk leaving important components open to remote attacks, despite fixing the problem on their publicly facing servers.
Categories: Security Encryption Patch Management Security Tools Vulnerability Assessment
Fri, 11 Apr 2014 15:44:51 +0000 admin 240335 at http://www.infoworld.com

Website operators will have a hard time dealing with the Heartbleed vulnerability
http://www.infoworld.com/d/security/website-operators-will-have-hard-time-dealing-the-heartbleed-vulnerability-240305?source=rss_vulnerability_assessment
Website and server administrators will have to spend considerable time, effort, and money to mitigate all the security risks associated with Heartbleed (http://heartbleed.com/), one of the most severe vulnerabilities to endanger encrypted SSL communications in recent years.
Categories: Security Encryption Open Source Software Patch Management Vulnerability Assessment
Fri, 11 Apr 2014 11:48:48 +0000 admin 240305 at http://www.infoworld.com

Google amps up fight against malicious apps with enhanced Android security
http://www.infoworld.com/d/mobile-technology/google-amps-fight-against-malicious-apps-enhanced-android-security-240283?source=rss_vulnerability_assessment
Google is boosting Android security safeguards to better detect potentially harmful apps throughout their life cycle.
The security enhancement, announced Thursday, is designed to continually check Android devices to detect vulnerabilities in apps that could be introduced at any time. Previously, malicious apps downloaded outside of Google Play could only be flagged at the time of installation.
Categories: Mobile Technology Security Google Android Application Security Mobile Security Vulnerability Assessment
Fri, 11 Apr 2014 11:27:11 +0000 admin 240283 at http://www.infoworld.com

Adobe patches a critical flaw in Flash Player and AIR shown at Pwn2Own contest
http://www.infoworld.com/d/security/adobe-patches-critical-flaw-in-flash-player-and-air-shown-pwn2own-contest-240152?source=rss_vulnerability_assessment
Adobe Systems released security updates for Flash Player and AIR in order to address four critical vulnerabilities that could lead to arbitrary code execution and information disclosure.
Categories: Security Adobe Adobe Flash Patch Management Vulnerability Assessment
Wed, 09 Apr 2014 13:07:55 +0000 admin 240152 at http://www.infoworld.com

Researchers disclose vulnerabilities in Oracle Java Cloud Service
http://www.infoworld.com/d/cloud-computing/researchers-disclose-vulnerabilities-in-oracle-java-cloud-service-239663?source=rss_vulnerability_assessment
Security researchers released technical details and proof-of-concept code for 30 security issues (http://www.security-explorations.com/en/SE-2013-01-details.html) affecting Oracle's Java Cloud Service, some of which could allow attackers to compromise business-critical Java applications deployed on it.
Categories: Cloud Computing Security Oracle Cloud Security PaaS SaaS Intrusion Detection Vulnerability Assessment
Wed, 02 Apr 2014 17:24:49 +0000 admin 239663 at http://www.infoworld.com

Proprietary firmware poses a security threat, Ubuntu founder says
http://www.infoworld.com/d/security/proprietary-firmware-poses-security-threat-ubuntu-founder-says-238635?source=rss_vulnerability_assessment
Mark Shuttleworth, the founder of the popular Ubuntu Linux distribution, believes proprietary and unverifiable firmware code poses a serious security threat to users and he encourages hardware manufacturers to implement support for their innovations through the Linux kernel instead.
"If you read the catalogue of spy tools and digital weaponry provided to us by Edward Snowden, you'll see that firmware on your device is the NSA's best friend," Shuttleworth said Monday in a blog post (http://www.markshuttleworth.com/archives/1332).
Categories: Security Patch Management Security Tools Vulnerability Assessment Security
Tue, 18 Mar 2014 21:34:13 +0000 admin 238635 at http://www.infoworld.com

Adobe patches a critical vulnerability in Shockwave Player
http://www.infoworld.com/d/security/adobe-patches-critical-vulnerability-in-shockwave-player-238334?source=rss_vulnerability_assessment
Adobe Systems released a new security update for Shockwave Player in order to fix a critical vulnerability that could allow attackers to remotely take control of affected systems.
The vulnerability, identified as CVE-2014-0505, is the result of a memory corruption issue and can lead to arbitrary code execution. According to Adobe, the flaw was privately reported to the company and there are no reports of active exploits targeting it in the wild.
Categories: Security Patch Management Security Tools Vulnerability Assessment
Thu, 13 Mar 2014 18:00:01 +0000 admin 238334 at http://www.infoworld.com

Some Samsung Galaxy devices contain a file access backdoor, Replicant developers say
http://www.infoworld.com/d/security/some-samsung-galaxy-devices-contain-file-access-backdoor-replicant-developers-say-238332?source=rss_vulnerability_assessment
The developers of Replicant, a mobile OS based on Android, claim to have found a backdoor vulnerability in a software component shipped with some Samsung Galaxy devices that potentially provides remote access to users' private files through the device modem.
The problem is located in the proprietary library that handles communications between the Android OS and the firmware running on the modem chipset, also known as the baseband or radio processor.
Categories: Mobile Technology Security Android Authentication Mobile Security Vulnerability Assessment
Thu, 13 Mar 2014 16:20:32 +0000 admin 238332 at http://www.infoworld.com

Adobe patches two important vulnerabilities in Flash Player
http://www.infoworld.com/d/security/adobe-patches-two-important-vulnerabilities-in-flash-player-238234?source=rss_vulnerability_assessment
Adobe released updates for Flash Player that fix two vulnerabilities that could allow attackers to bypass security controls in the software.
Categories: Security Adobe Flash Patch Management Security Tools Vulnerability Assessment
Wed, 12 Mar 2014 14:02:17 +0000 admin 238234 at http://www.infoworld.com

Microsoft Patch Tuesday rounds up IE flaws
http://www.infoworld.com/d/security/microsoft-patch-tuesday-rounds-ie-flaws-238197?source=rss_vulnerability_assessment
For this month's "Patch Tuesday" round of bug fixes, Microsoft has focused on correcting multiple vulnerabilities in Internet Explorer (IE), including one that is already being used in targeted attacks.
Categories: Security Malware Patch Management Vulnerability Assessment
Wed, 12 Mar 2014 12:20:39 +0000 admin 238197 at http://www.infoworld.com

Joomla receives patches for zero-day SQL injection vulnerability
http://www.infoworld.com/d/security/joomla-receives-patches-zero-day-sql-injection-vulnerability-238070?source=rss_vulnerability_assessment
Recently released security updates for the popular Joomla CMS (content management system) address a SQL injection vulnerability that poses a high risk and can be exploited to extract information from the databases of Joomla-based sites.
The Joomla Project released versions 3.2.3 and 2.5.19 of the open-source CMS Thursday. Both updates address two cross-site scripting (XSS) vulnerabilities in core components, but version 3.2.3 also patches a SQL injection flaw, publicly disclosed in early February, and an unauthorized log-in flaw in the Gmail-based authentication plug-in.
Categories: Security Content Management Patch Management Vulnerability Assessment
Mon, 10 Mar 2014 18:12:52 +0000 admin 238070 at http://www.infoworld.com

Linux bug exposes open source to its own 'goto fail'
http://www.infoworld.com/t/vulnerability-assessment/linux-bug-exposes-open-source-its-own-goto-fail-237665?source=rss_vulnerability_assessment
The GnuTLS library, used in a great deal of software, including many Linux distributions, has been revealed to have a bug (http://gnutls.org/security.html#GNUTLS-SA-2014-2) that could allow an attacker to ste
Categories: Open Source Software Linux Open Source Software Vulnerability Assessment
Tue, 04 Mar 2014 21:04:18 +0000 InfoWorld Tech Watch 237665 at http://www.infoworld.com

Gameover malware tougher to kill with new rootkit component
http://www.infoworld.com/d/security/gameover-malware-tougher-kill-new-rootkit-component-237430?source=rss_vulnerability_assessment
A new variant of the Gameover malware that steals online banking credentials comes with a kernel-level rootkit that makes it significantly harder to remove, according to security researchers from Sophos.
Gameover is a computer Trojan based on the infamous Zeus banking malware whose source code was leaked on the Internet in 2011. Gameover stands apart from other Zeus-based Trojan programs because it uses peer-to-peer technology for command and control instead of traditional servers, making it more resilient to takedown attempts.
Categories: Security Microsoft Windows Cyber Crime Data Security Encryption Intrusion Detection Malware Vulnerability Assessment
Fri, 28 Feb 2014 20:12:16 +0000 admin 237430 at http://www.infoworld.com