Security news that informs and inspires

Archive

86 results for tag Vulnerability:

GitHub Alerts Help Fix Bugs in Ruby, JavaScript Code

When GitHub unveiled its Security Alerts scanning feature last November, it was betting that if project owners knew which software components they were using had vulnerabilities, they would update them with patched versions. GitHub said that by Dec. 1, 450,000 vulnerabilities had been resolved, either by removing the dependency entirely or swapping out with a more recent, patched version. That's a little over 10 percent of the vulnerabilities addressed, right off the bat.

App Security, Vulnerability, Software Security

More Than Half of Android Phones Vulnerable to Encryption Bypass Attacks

The security research team at Duo Security, Duo Labs analyzed our dataset of Android phones to find out how many were vulnerable to the latest Android encryption bypass attacks, patched in the May 2016 update.

Android, Vulnerability

That Big Symantec Antivirus Bug

A Duo Labs analysis of the recent critical vulnerability found in Symantec’s Antivirus Decomposer engine, used in Symantec Endpoint Protection and other Symantec and Norton security products, and discovered by Tavis Ormandy.

Antivirus, Vulnerability

DROWN Provides Another Reminder to Disable SSLv2 (and 3, while you’re at it)

A newly discovered vulnerability in crypto protocols breaks connections and reminds us all that it's long past time to move on from SSLv2.

Ssl, Ssl Security, Openssl, Vulnerability

OpenSSL Provides Another Reminder to Disable SSLv2 (and 3, while you’re at it)

A newly discovered vulnerability in OpenSSL reveals private keys and reminds us all that it's long past time to move on from SSLv2.

Ssl, Ssl Security, Openssl, Vulnerability