Vulnerability Assessment - InfoWorld

Coding error protects some Android apps from Heartbleed
Some Android apps thought to be vulnerable to the Heartbleed bug were spared because of a common coding error in the way they implemented their own native OpenSSL library.
FireEye scanned 54,000 Android applications in Google's Play store on April 10 to see which ones are vulnerable to Heartbleed. The flaw, publicly disclosed on April 7, is contained in OpenSSL, a code library used to encrypt data traffic.
Topics: Mobile Technology Security Android Mobile Apps Mobile Security Vulnerability Assessment
Published: Wed, 23 Apr 2014 12:08:37 +0000

CloudFlare launches bug bounty program
CloudFlare started a bug bounty program on Monday, joining a host of companies that are turning to independent security researchers to spot bugs in their network.
The San Francisco-based company runs a widely used global content delivery network that keeps copies of websites in various data centers in order to speed loading times and reduce bandwidth usage. It also offers security features.
Topics: Security Application Security Vulnerability Assessment
Published: Tue, 22 Apr 2014 13:18:04 +0000

The rise and fall of Heartbleed hysteria
The crescendo of stories dissecting the Heartbleed bug is testimony to just how much everyone loves a good train wreck.
Topics: Data Explosion Security Internet Encryption Open Source Software Patch Management Vulnerability Assessment
Published: Fri, 18 Apr 2014 10:00:00 +0000
Source: InfoWorld Tech Watch

Oracle identifies products affected by Heartbleed, but work remains on fixes
Oracle has issued a comprehensive list of its software that may or may not be affected by the OpenSSL (secure sockets layer) vulnerability known as Heartbleed, while warning that no fixes are yet available for some likely affected products.
Topics: Security Oracle Web Services Patch Management Vulnerability Assessment
Published: Wed, 16 Apr 2014 15:51:54 +0000

Think tank challenges Heartbleed handwringing
A think tank opinion piece that claims the threat from the Heartbleed bug is overblown has sparked a debate among researchers over the seriousness of the OpenSSL flaw.
Topics: Security Cyber Crime Encryption Vulnerability Assessment
Published: Wed, 16 Apr 2014 13:58:50 +0000

Rushed Heartbleed fixes may expose users to new attacks
In the race to protect themselves from the Heartbleed vulnerability, enterprises could be opening themselves up to new attacks if they aren't careful.
Perpetrators of some of the most virulent cyberattacks on the Internet will try to take advantage of the chaos that's bound to occur in some IT shops as administrators and developers hurriedly respond to Heartbleed, the widespread OpenSSL flaw that was discovered last week, a top researcher at Kaspersky Lab said.
Topics: Security Encryption Open Source Software Patch Management Vulnerability Assessment
Published: Wed, 16 Apr 2014 11:16:08 +0000

VMware promises Heartbleed patches for affected products by the weekend
VMware started patching its products against the critical Heartbleed flaw that puts encrypted communications at risk, and plans to have updates ready for all affected products by Saturday.
Topics: Security Encryption Patch Management Vulnerability Assessment
Published: Tue, 15 Apr 2014 16:13:16 +0000

Obama backs disclosing software vulnerabilities in most cases
The administration of U.S. President Barack Obama favors disclosing to the public vulnerabilities in commercial and open source software in the national interest, unless there is a national security or law enforcement need, the country's spy agency said.
Topics: Security The Industry Standard Application Security Vulnerability Assessment Government
Published: Mon, 14 Apr 2014 12:21:26 +0000

Tests confirm Heartbleed bug can expose server's private key
Four researchers working separately have demonstrated a server's private encryption key can be obtained using the Heartbleed bug, an attack thought possible but unconfirmed.
The findings come shortly after a challenge created by CloudFlare, a San Francisco-based company that runs a security and redundancy service for website operators.
Topics: Security Data Loss Prevention Data Security Encryption Open Source Software Vulnerability Assessment Web Security
Published: Mon, 14 Apr 2014 12:00:32 +0000

Akamai admits its OpenSSL patch was faulty, reissues keys
Akamai Technologies, whose network handles up to 30 percent of all Internet traffic, said Sunday a researcher found a fault in custom code that the company thought shielded most of its customers from the Heartbleed bug.
As a result, Akamai is now reissuing all SSL (Secure Sockets Layer) certificates and security keys used to create encrypted connections between its customers' websites and visitors to those sites.
Topics: Security Data Security Encryption Open Source Software Vulnerability Assessment Web Security
Published: Mon, 14 Apr 2014 11:45:35 +0000

Don't overlook URL fetching agents when fixing Heartbleed flaw on servers, researchers say
Website operators should assess their whole Web infrastructure when patching the critical Heartbleed flaw in OpenSSL, otherwise they risk leaving important components open to remote attacks, despite fixing the problem on their publicly facing servers.
Topics: Security Encryption Patch Management Security Tools Vulnerability Assessment
Published: Fri, 11 Apr 2014 15:44:51 +0000

Website operators will have a hard time dealing with the Heartbleed vulnerability
Website and server administrators will have to spend considerable time, effort, and money to mitigate all the security risks associated with Heartbleed, one of the most severe vulnerabilities to endanger encrypted SSL communications in recent years.
Topics: Security Encryption Open Source Software Patch Management Vulnerability Assessment
Published: Fri, 11 Apr 2014 11:48:48 +0000

Google amps up fight against malicious apps with enhanced Android security
Google is boosting Android security safeguards to better detect potentially harmful apps throughout their life cycle.
The security enhancement, announced Thursday, is designed to continually check Android devices to detect vulnerabilities in apps that could be introduced at any time. Previously, malicious apps downloaded outside of Google Play could only be flagged at the time of installation.
Topics: Mobile Technology Security Google Android Application Security Mobile Security Vulnerability Assessment
Published: Fri, 11 Apr 2014 11:27:11 +0000

Adobe patches a critical flaw in Flash Player and AIR shown at Pwn2Own contest
Adobe Systems released security updates for Flash Player and AIR in order to address four critical vulnerabilities that could lead to arbitrary code execution and information disclosure.
Topics: Security Adobe Adobe Flash Patch Management Vulnerability Assessment
Published: Wed, 09 Apr 2014 13:07:55 +0000

Researchers disclose vulnerabilities in Oracle Java Cloud Service
Security researchers released technical details and proof-of-concept code for 30 security issues affecting Oracle's Java Cloud Service, some of which could allow attackers to compromise business-critical Java applications deployed on it.
Topics: Cloud Computing Security Oracle Cloud Security PaaS SaaS Intrusion Detection Vulnerability Assessment
Published: Wed, 02 Apr 2014 17:24:49 +0000

Proprietary firmware poses a security threat, Ubuntu founder says
Mark Shuttleworth, the founder of the popular Ubuntu Linux distribution, believes proprietary and unverifiable firmware code poses a serious security threat to users and he encourages hardware manufacturers to implement support for their innovations through the Linux kernel instead.
"If you read the catalogue of spy tools and digital weaponry provided to us by Edward Snowden, you'll see that firmware on your device is the NSA's best friend," Shuttleworth said Monday in a blog post.
Topics: Security Patch Management Security Tools Vulnerability Assessment Security
Published: Tue, 18 Mar 2014 21:34:13 +0000

Adobe patches a critical vulnerability in Shockwave Player
Adobe Systems released a new security update for Shockwave Player in order to fix a critical vulnerability that could allow attackers to remotely take control of affected systems.
The vulnerability, identified as CVE-2014-0505, is the result of a memory corruption issue and can lead to arbitrary code execution. According to Adobe, the flaw was privately reported to the company and there are no reports of active exploits targeting it in the wild.
Topics: Security Patch Management Security Tools Vulnerability Assessment
Published: Thu, 13 Mar 2014 18:00:01 +0000

Some Samsung Galaxy devices contain a file access backdoor, Replicant developers say
The developers of Replicant, a mobile OS based on Android, claim to have found a backdoor vulnerability in a software component shipped with some Samsung Galaxy devices that potentially provides remote access to users' private files through the device modem.
The problem is located in the proprietary library that handles communications between the Android OS and the firmware running on the modem chipset, also known as the baseband or radio processor.
Topics: Mobile Technology Security Android Authentication Mobile Security Vulnerability Assessment
Published: Thu, 13 Mar 2014 16:20:32 +0000

Adobe patches two important vulnerabilities in Flash Player
Adobe released updates for Flash Player that fix two vulnerabilities that could allow attackers to bypass security controls in the software.
Topics: Security Adobe Flash Patch Management Security Tools Vulnerability Assessment
Published: Wed, 12 Mar 2014 14:02:17 +0000

Microsoft Patch Tuesday rounds up IE flaws
For this month's "Patch Tuesday" round of bug fixes, Microsoft has focused on correcting multiple vulnerabilities in Internet Explorer (IE), including one that is already being used in targeted attacks.
Topics: Security Malware Patch Management Vulnerability Assessment
Published: Wed, 12 Mar 2014 12:20:39 +0000