The glitch stems from a functionality intended to allow updates to the UEFI firmware.

Lenovo warns of a high-severity bug impacting its System x line of servers, along with a medium-severity buffer-overflow vulnerability affecting its popular ThinkPad line.

Cisco patched nine publicly disclosed remote code execution vulnerabilities in the SNMP subsystem running in its IOS and IOS XE software.

Researchers have found a half-dozen flaws in popular printer models that allow attackers to do everything from steal print jobs to conduct buffer overflow attacks.

Networking giant Cisco issued five security bulletins this week with two critical bugs allowing remote execute code.

Advantech has published a new version of its WebAccess product to address vulnerabilities that put installations at risk to remote code execution attacks. Exploiting the vulnerabilities would be a challenge, however, according to an advisory published Tuesday by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). ICS-CERT said the flaws patched in versions prior...

Apple has updated its Xcode development environment, patching two vulnerabilities in its implementation of git. Git is a version control system, and in March its handlers patched two flaws that exposed the software to remote code execution. The new version of Xcode, 7.3.1, is available for El Capitain v 10.11 and later. Apple said it...

Mozilla yesterday updated Firefox and patched 10 vulnerabilities, one which was rated critical. Firefox 46 also included patches for four vulnerabilities that Mozilla rated as high severity. Critical bugs enabled remote code execution without user interaction, while bugs rated high can be exploited to steal browser data or inject code into websites via the browser....

A number of publicly disclosed vulnerabilities in Moxa networking gear won’t be patched until August, if at all, according to an alert published on Friday by the Industrial Control System Cyber Emergency Response Team (ICS-CERT). Researcher Joakim Kennedy of Rapid7 disclosed in March some details affecting critical flaws in Moxa NPort 6110 Modbus/TCP to serial...

Users of secure messaging apps such as Pidgin, Adium and others built upon libotr, the Off-the-Record protocol, are being urged to update immediately to current versions after the discovery of a critical flaw that can be used in targeted attacks to expose encrypted communication. The OTR development team yesterday pushed out libotr 4.1.1 which patches...