Open Source Vulnerabilities Increase in 2018
A new report by Synopsys indicates that open source security vulnerabilities are on the rise, putting companies that increasingly make use of such solutions at risk. In 2018, 7,000 open source vulnerabilities were identified, bringing the total of flaws found in the past twenty years to over 50,000. The research
Vodafone Found Hidden Backdoors in Huawei Equipment
Vodafone has admitted to Bloomberg that it discovered backdoors in software for Huawei products used by the carrier to provide various services to customers in Italy. The backdoors were discovered between 2009 and 2011 and remained in place for years. As a result, Huawei could have obtained unauthorized access to
DHS Orders Agencies to Patch Critical Flaws Within 15 Days
US government agencies need to patch critical security flaws within 15 days and high-severity vulnerabilities within 30 days under BOD 19-02, a new Binding Operational Directive issued by the Department of Homeland Security (DHS). The period for fixing critical issues was cut in half, because the previous directive (BOD 15-01)
Hacker Finds He Can Remotely Kill Car Engines After Breaking Into GPS Tracking Apps
Default passwords are a security hazard in general, and when they affect applications used by firms to keep track of vehicles and perform remote actions like starting or shutting off engines, they can even put people’s lives at risk. A hacker using the moniker L&M claims that this applies to
Security Vulns in Microsoft Products Continue to Increase
The number of new security vulnerabilities affecting Microsoft products increased last year compared to 2017, and has more than doubled since 2013, a new BeyondTrust report shows. While the number of critical vulnerabilities declined compared to 2017, critical flaws have generally increased by 30% over the last
Attackers are weaponizing more vulnerabilities than ever before
Threat actors are stepping up their efforts to weaponize vulnerabilities affecting Adobe products, new data by RiskSense shows. In 2018, a record-breaking 177 flaws were weaponized, which is 139% higher than in 2017. The study also found that last year almost three times more vulnerabilities were exploited in the wild before
Hacker Breaks Into French Government’s New Secure Messaging App
Last week, an independent security researcher managed to get access to a brand new encrypted messaging application used by French government officials. The application is available for download on the Google Play Store, but normally only people with an official government email address can use it. Despite reports claiming that
Almost a Quarter of Orgs Don’t Run Security Checks on Products
New research by Outpost24 exposes serious shortcomings in application security practices. Almost one-fourth (23%) of organizations do not test the security of applications before launching them. Moreover, 31% of firms have tried to gain a competitive advantage by launching one or more applications despite being aware that the product(s)
Bad security hygiene still a major risk for enterprise IT networks
A new report by Ixia analyses the 2018 cyber threat landscape. According to the report, the 5 main security issues last year were: Most product vulnerabilities were the result of software design flaws, including well-documented and easily avoidable issues like SQL injection and cross-site scripting vulnerabilities. The human factor is
Kaspersky: 70 percent of attacks now target Office vulnerabilities
New Kaspersky Lab research shows that threat actors are increasingly trying to take advantage of security flaws in Microsoft Office products. In the last quarter of 2018, attackers went after Office flaws in a whopping 70% of attacks detected by Kaspersky. In Q4 of 2016 this number was still only