Vulnerabilities

Since the beginning of recorded time, security researchers, software vendors and hackers have been issuing security advisories in all kinds of nutty formats. Some feature excellent ASCII art, some have clever inside jokes and some come from Microsoft. Now, there's a effort underway, called the Common Vulnerability Reporting Framework, to standardize the way that vulnerabilities are reported so that they're in a common, machine-readable format.  Read more »

A recent string of Web site hacks at Amnesty International and other NGOs are evidence of a campaign of cyber espionage directed against human rights orgnaizations, according to a report from The Shadowserver Foundation. Read more »

In a bulletin, the Department of Homeland Security (DHS) is warning healthcare organizations about the threat posed by insecure, network attached medical devices and the proliferation of smart phones, tablet PCs and other mobile devices in medical settings. Read more »

Legitimate Web sites that have been hijacked and used to serve malicious content greately outnumber malicious sites on a list of the most-trafficked sites on Google's blacklist, according to analysis by security firm Zscaler.  Read more »

Google has released Chrome 19 and fixed more than 20 vulnerabilities in its browser, including eight high-risk bugs. The company paid security researchers $7,500 in rewards as part of its bug bounty program, including two rewards for vulnerabilities that applied to Chrome as well as other applications. Read more »

The Pentagon on Friday invited a slew of government contractors to meet and share classified information on cyber threats going forward, part of an initiative that the department hopes will reduce the risk of intrusions to government systems. Read more »

The first annual Index of Cyber Security finds that senior security officers are more concerned than at this time last year about the risk of cyber attack and other online risks, with concerns about ideologically-motivated hacktivists and the threats posed by business partners and other "counter parties" topping the list. Read more »

Just a few days after the company announced that customers would have to pay for security updates to some of its popular products, Adobe officials backed off of that idea and announced that patches for flaws in Illustrator, Photoshop and Flash Professional would be provided after all. Read more »

The U.S. Department of Homeland Security issued a bulletin on Thursday warning readers about a previously undisclosed, critical vulnerability in Movicon 11, a product used to manage critical infrastructure including the manufacturing, energy and water sectors. Read more »

Amnesty International’s United Kingdom website was compromised and hosting the potent Gh0st RAT Trojan earlier this week, according to research conducted by security firm Websense. Read more »