SEARCH KEYWORD -- Security vulnerability


  Severe SSL 3.0 vulnerability to be released

According to The Register, another severe security vulnerability has been found in the widely used SSL v3 protocol. Until now, it's still in patch phase and the details of this vulnerability is expected to be released today. There are a few widely impacted security vulnerabilities revealed this year and they bring people's attention to the long existing security concerns. Previously, we have seen the HeartBleed issue and also the recently ShellShock issue. Both of them occur in popular libraries...

   SSL,Security vulnerability, The Register     2014-10-14 22:22:39

  30 minutes to fix Java vulnerability

On September 25, Adam Gowdiak from the Polish security consulting firm Security Explorations submitted a Java security vulnerability to Oracle and provided a proof-of-concept. The vulnerability exists in Java 5 6,7, once the user accesses hosted malware site, an attacker can remotely control the infected machine.Gowdiak later got in touch again with Oracle and got the response that the fix has reached the final stage. He can expect the patch in four months later. He eventually unbearable Oracle'...

   Java, Vulnerability,Fix     2012-10-29 11:53:43

  A new SSL 3.0 vulnerability named POODLE is released

Today a new SSL v3 security vulnerability is released by Google and it affects all products which is using SSL v3 protocol as this vulnerability is introduced by a design flaw. Google revealed details of the design flaw on Tuesday, and dubbed it POODLE – short for Padding Oracle On Downgraded Legacy Encryption. It is a blunder within the blueprints of SSL 3.0 rather than a software bug, so it affects any product following the protocol – from Google Chrome and Mozilla Firefox to Micro...

   SSL v3, vulnerability, Google, POODLE     2014-10-15 04:48:59

  Oracle released an urgent Java patch

On March 23, Oracle just released an urgent Java patch which is out of its normal update schedule. The security vulnerability is related to the Java SE running in web browsers on desktops. The CVE ID for this issue is CVE-2016-0636. With the unpatched Java, attackers can remotely exploit the target system without username and credentials. Successful exploits can impact the availability, integrity, and confidentiality of the user's system. When the user access pages containing malicious code...

   JAVA,SECURITY,ORACLE,NEWS     2016-03-25 08:39:59

  A serious security vulnerability found in MySQL/MariaDB

Recently a serious security vulnerability was found in MySQL/MariaDB. It relates to the access to the database. The issue is described below.When a user connects to MariaDB/MySQL, a token (SHA over a password and a random scramble string) is calculated and compared with the expected value. Because of incorrect casting, it might've happened that the token and the expected value were considered equal, even if the memcmp() returned a non-zero value. In this case MySQL/MariaDB would think that the p...

   MySQL,MariaDB,bug,fix,password,memcmp()     2012-06-11 10:28:09

  25 worst passwords in 2012

Weak password is a serious security vulnerability, but the majority of network users still use some universal simple character sequences as the password. SplashData recently announced the world's worst password list in 2012.  "password","123456" and "12345678" are still at top places, while others have varying,  some new passwords like  "welcome" "Jesus" "ninja","mustang"and "password1 "are in the list. With the risk of password loss, SplashData CEO Morgan Slain said we hoped netw...

   Password,Security     2012-10-25 12:04:49

  How to Prevent a Data Breach: Guide For Businesses

The consequences of a data breach are nothing to joke about. From reputation damage to regulatory fines, it is a disaster for any business. So you should always strive to do your best to prevent it. But with so many steps to take, where do you even begin? Businesses of all shapes and sizes should follow this 8-step approach: 1. Outline Your Assets Your assets, whether digital or physical, should always remain in your sight. It should be the very first step you take. Picture anything that might r...

   DATA SECURITY     2020-03-04 08:16:44

  Top 3 Cybersecurity Trends to Watch Out for Today

One trend in cybersecurity that never changes is that it’s getting more important with every passing year. According to statistics, the number of cyberattacks and severity of the losses they incur are growing at an alarming rate. Every day about 24,000 of malicious mobile apps get blocked yet more pop up overnight. For a business today cybersecurity isn’t an option, it’s a necessary measure one needs to invest in heavily. And it’s essential to follow the trends and develo...

   SECURITY,CYBER SECURITY     2019-05-14 09:03:24

  Secure Your Go Code With Vulnerability Check Tool

Security vulnerabilities exist in any language and any code, some are written by ourselves, but more are from the upstream dependencies, even the underlying Linux. We have discussed the security protection methods for Go and Kubernetes Image in Path to a Perfect Go Dockerfile and Image Vulnerability Scanning for Optimal Kubernetes Security, in which the security scanning was performed based on generic. As the Go community grows, more and more open-source packages have caused ...

   GOVULNCHECK,GOSEC,GOLANG     2022-10-29 23:43:20

  8 very useful and free web security testing tools

With more pervasive of web applications, web security threats are becoming increasingly prominent. Hackers gain web server control by exploiting web server vulnerabilities and SQL injection vulnerabilities, then they may tamper with web content, or steal important internal data, the more serious is to inject malicious code into web pages to affect visitors of websites. Attention is gradually warming up to Web Application Security. Here we recommend eight very useful and free web security testing...

   Website, security,Web security,Attack     2012-07-22 10:59:09

RECENT