Microsoft released a scant nine bulletins today for Patch Tuesday, but six of them are marked critical and seven can lead to remote code execution. The updates, which address 25 vulnerabilities will be the last many who run Internet Explorer 8, 9, and 10 will receive unless they elect to update to a newer browser. The patches, the...

Adobe today patched 17 vulnerabilities in Acrobat and Reader, all of which the vendor rated as critical and warn could allow an attacker to commandeer the underlying system. Adobe said desktop versions of Acrobat and Reader XI (11.0.13), for Windows and Macintosh, are affected, as are Acrobat and Reader DC (15.009.20077 and 15.006.30097). None of...

Connecting a webcam to your home or office network might seem like a harmless thing, but researchers have figured out how to turn that connected device into a backdoor. Researchers at Vectra Networks today released a report demonstrating how a $30 D-Link webcam can be abused by attackers and turned into a medium for sending...

Juniper Networks announced late Friday it was removing the suspicious Dual_EC_DRBG random number generator from its ScreenOS operating system. And while that’s heralded as a positive move considering Dual_EC’s dubious origins, there remain important and unanswered questions about Juniper’s decision to include what is considered to be a backdoored random number generator in its NetScreen...

General Motors’ new vulnerability disclosure program puts it alongside Tesla as the only major automakers with a mechanism for security researchers to report flaws. Unlike Tesla’s program, however, GM’s does not offer a monetary reward. GM launched its program last week via the HackerOne platform, and while there’s no mention of a payout, the company...

Anxiety was high around April 8, 2014 when Microsoft officially closed the door on security support for Windows XP. Many envisioned black hats worldwide stockpiling exploits waiting for the day when XP machines would be left permanently exposed. The anticipated malware apocalypse, however, never really came for the remaining XP machines in circulation. And now...

Developers at WordPress are encouraging users of the content management system to download and apply the most recent update, pushed yesterday, to address a cross-site scripting (XSS) vulnerability. According to WordPress the bug exists in all versions before 4.4 and if exploited, could allow a hacker to take control of an affected website. An independent security researcher based...

If you’re hanging on to the theory that collision attacks against SHA-1 and MD5 aren’t yet practical, two researchers from INRIA, the French Institute for Research in Computer Science and Automation, have demonstrated new attacks that raise the urgency to move away from these broken cryptographic algorithms. Karthikeyan Bhargavan and Gaetan Leurent recently published an...

A number of issues exist in the content management system Drupal that could lead to code execution and the theft of database credentials via a man-in-the-middle attack, a researcher warns. The vulnerabilities lie in the way Drupal processes updates, according to Fernando Arnaboldi, senior security consultant with IOActive. Arnaboldi wrote a blog entry describing three...

Silent Circle, makers of the security and privacy focused Blackphone, have patched a vulnerability that could allow a malicious mobile application or remote attacker to access the device’s modem and perform any number of actions. The update was released Dec. 7 in version 1.1.13 RC3; details of the issue were disclosed today by SentinelOne, which...