Is Bluetooth Security Good Enough for Your Most Sensitive Corporate Communications?

Most users take Bluetooth security for granted. When you’re enjoying the convenience of hands-free phone conversations, streaming podcasts in your car or jogging with your awesome new wireless headphones, do you need to worry about whether the communication channel is secure or not? What’s acceptable for consumers may not meet corporate standards. With a new…

Yahoo Pays Out $10,000 Bounty for Critical Mail Flaw

A researcher has earned $10,000 for finding a critical Yahoo! Mail vulnerability that could have been exploited simply by getting the targeted user to open a specially crafted email. Nearly one year ago, Jouko Pynnönen of Finland-based software company Klikki Oy discovered a stored cross-site scripting (XSS) vulnerability in the web version of the Yahoo!…

How to Find and Remediate Vulnerabilities in Real Time

Every business, large or small, must be able to remediate vulnerabilities that can threaten to undermine all its hard work and success. The security analysts and IT operators at these organizations have surely heard of household-name vulnerabilities like Heartbleed and Shellshock. But do they have all the knowledge and tools they need to track and…

The global decline of cybersecurity confidence

Tenable Network Security solicited insights from 700 security practitioners in nine countries and across seven industry verticals to calculate a global index score reflecting overall confidence that the world’s cyber defenses are meeting expectations. According to this year’s data, global cybersecurity confidence fell six points over 2016 to earn an overall score of 70 percent…

Feds provide legal loophole to hacking IoT devices

It was an especially happy Thanksgiving for security researchers, thanks to what they have called long-overdue exemptions to the Digital Millennium Copyright Act (DMCA). Those exemptions, which took effect Oct. 28, provide a two-year window allowing “good-faith” researchers to break into the software that controls most consumer and commercial Internet of Things (IoT) devices –…

Microsoft’s EMET Protects Apps Better Than Windows 10, Researcher Says

While packed with a load of new security features, Windows 10 doesn’t offer some of the additional protections that Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) brings, CERT vulnerability analyst Will Dormann warns. Released in 2009, EMET was meant to provide mitigation against certain zero-day software vulnerabilities, filling a gap created by the release of major…

Researchers Demo Method For Turning A PC Into An Eavesdropping Device

Researchers at Israel’s Ben-Gurion University of the Negev have devised a way to turn any computer into an eavesdropping device by surreptitiously getting connected headphones or earphones to function like microphones. In a paper titled “SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit,” the researchers this week described malware they have developed for reconfiguring…