Vulnerabilities

Air Force Hopes To Attract Hackers With Bug Bounty Program

The Hack the Air Force bug bounty program invites white hats from inside and outside the U.S. to hack its websites.

Lack of Security Talent Afflicts Healthcare

At Source Boston, Josh Corman of the Atlantic Council said that healthcare is suffering from a lack of security talent, devices rife with vulnerabilities, and government incentivizing bad behavior.

Auto Lender Exposes Loan Data For Up To 1 Million Applicants

A trove of consumer auto loan data—some 1 million records—has been locked down after a researcher found an exposed and accessible database online.

Atlassian Resets HipChat Passwords Following Breach

Atlassian reset user passwords for its group chat service HipChat on Monday following an incident that may have resulted in unauthorized access to a server used by the service.

xDedic Market Spilling Over With School Servers, PCs

Nearly two-thirds of servers and PCs peddled on the xDedic underground marketplace belong to schools and universities based in the United States.

VU#219739: Portrait Displays SDK applications are vulnerable to arbitrary code execution...

Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution.

ColdFusion Hotfix Resolves XSS, Java Deserialization Bugs

Adobe released an important security hotfix for several versions of ColdFusion on Tuesday morning, resolving two bugs.

Zimperium Acquisition Program Publishes Exploits for Patched Android Bugs

Exploits for patched Android elevation of privilege vulnerabilities were published through the Zimperium N-Days Exploit Acquisition Program.

Hyundai Patches Leaky Blue Link Mobile App

Hyundai Motor America patched its Blue Link mobile app after researchers found a cleartext encryption key that could be used to expose user and vehicle information.

Hard Target: Fileless Malware

Researchers say fileless in-memory malware attacks have become a major nuisance to businesses and have become even harder to detect and defend against.

Original XPan Ransomware Returns, Targets Brazilian SMBs

Brazilian cybercriminals are using the original version of the XPan ransomware, targeting small to medium-sized businesses based in Brazil with the malware.

NSA’s DoublePulsar Kernel Exploit In Use Internet-Wide

Scans show tens of thousands of Windows servers infected with the DoublePulsar kernel exploit leaked by the ShadowBrokers two weeks ago.