[securityaffairs] Satellite equipment affected by severe vulnerabilities

A study conducted by experts at IOActive uncovered a variety of severe vulnerabilities in Satellite equipment widely used in numerous industries.

[thehackernews] Multiple Vulnerabilities in Firefox for Android Leak Sensitive Information

The Android operating system has hardened its security with application Sandboxing features to ensure that no application can access sensitive information held by another without proper privileges.

[net-security] Exploiting vulnerabilities in media players to spread advanced malware

Trusteer’s research has shown that vulnerable media players are constantly targeted by malicious actors. Since in most environments media players exist on users’ desktops for their own personal use, IT and security administrators ignore these applications and the content files they use. After all, you want to keep your employees productive and happy, and allow them to listen to their harmless music while they work. However, because these applications are not controlled, and users are not in a rush to patch these applications, most installations are vulnerable to exploits.

[net-security] Less risk, more reward: Managing vulnerabilities in a business context

Network security can be both an organization’s savior, and its nemesis. How often does security slow down the business? But security is something you can’t run away from. Today’s cyber-attacks have a direct impact on the bottom line, yet many organizations lack the visibility to manage risk from the perspective of the business. This quandary is a common balancing act that organizations must manage without truly understanding the impact to the bottom line. 

Traditionally, network security revolves around scanning the servers for vulnerabilities, reviewing them and the risk to the server by drilling down through the reporting to assess how vulnerabilities could be exploited, and then looking at how those risks can be remediated. Looking at vulnerabilities in this technical context leaves a lot to be desired in terms of actual impact on the business.

[net-security] Third-party programs responsible for 76% of vulnerabilities in popular software

Third-party programs are responsible for 76% of the vulnerabilities discovered in the 50 most popular programs in 2013, say the results of Secunia's Vulnerability Review 2014, which is based on a sampling of the company’s seven million PSI users.

[cert] Vulnerabilities and Attack Vectors

Hi, this is Will Dormann of the CERT Vulnerability Analysis team. One of the responsibilities of a vulnerability analyst is to investigate the attack vectors for potential vulnerabilities. If there isn't an attack vector, then a bug is just a bug, right? In this post, I will describe a few interesting cases that I've been involved with.