Privacy groups complain to FTC over Google’s ‘deceptive’ policy change

Privacy groups have complained to the Federal Trade Commission that Google is encroaching on user privacy through a policy change in June that allows it to combine personally-identifiable information with browsing data collected by its DoubleClick digital advertising service. The complaint by Consumer Watchdog and Privacy Rights Clearing House alleged that Google has created “super-profiles”…

Microsoft Patches Several Publicly Disclosed Flaws

Microsoft’s December 2016 Patch Tuesday updates include a total of 12 critical and important security bulletins that resolve vulnerabilities in Windows, Office, Internet Explorer and Edge. Several of the vulnerabilities patched this week have already been publicly disclosed. For instance, the critical bulletin MS16-144 fixes eight remote code execution, security bypass and information disclosure flaws….

Yahoo Pays Out $10,000 Bounty for Critical Mail Flaw

A researcher has earned $10,000 for finding a critical Yahoo! Mail vulnerability that could have been exploited simply by getting the targeted user to open a specially crafted email. Nearly one year ago, Jouko Pynnönen of Finland-based software company Klikki Oy discovered a stored cross-site scripting (XSS) vulnerability in the web version of the Yahoo!…

How to Find and Remediate Vulnerabilities in Real Time

Every business, large or small, must be able to remediate vulnerabilities that can threaten to undermine all its hard work and success. The security analysts and IT operators at these organizations have surely heard of household-name vulnerabilities like Heartbleed and Shellshock. But do they have all the knowledge and tools they need to track and…

Feds provide legal loophole to hacking IoT devices

It was an especially happy Thanksgiving for security researchers, thanks to what they have called long-overdue exemptions to the Digital Millennium Copyright Act (DMCA). Those exemptions, which took effect Oct. 28, provide a two-year window allowing “good-faith” researchers to break into the software that controls most consumer and commercial Internet of Things (IoT) devices –…

Microsoft’s EMET Protects Apps Better Than Windows 10, Researcher Says

While packed with a load of new security features, Windows 10 doesn’t offer some of the additional protections that Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) brings, CERT vulnerability analyst Will Dormann warns. Released in 2009, EMET was meant to provide mitigation against certain zero-day software vulnerabilities, filling a gap created by the release of major…

BrandPost: Emerging cybersecurity vulnerabilities

One unfortunate aspect of human psychology involves how people tend to deal with potential threats. As long as the threats are more abstract than actual, all too often we reason that there’s no rush to build defenses against them. Only after a threat materializes and does actual harm do we start to really take it…