Exploits

2014 Annual Security Roundup: 2014 was the year of mega breaches, hard-to-patch vulnerabilities, and thriving cybercriminal underground economies.

Trend Micro researchers found that the recently discovered Adobe Flash player zero-day vulnerability is being abused by malware advertisements used by a top video-sharing site, among other sites. Update: Adobe has released an update that addresses this vulnera

Looking back at the biggest security stories and issues of 2014, how they affected users and various industries, and what we can learn from them.

A look into the threat landscape during the third quarter of 2014 reveals the loopholes and vulnerabilities in often overlooked targets such as routers and PoS systems that were used as attack vectors.

A new Shellshock attack targeting SMTP servers has been discovered. Attackers used email to deliver the exploit, which downloads and executes an IRC Bot.

A recent investigation revealed that the Sandworm zero day exploit could likely be used to target GE Intelligent Platform CIMPLICITY users. Find out what it does and how you can safeguard your systems against this emerging attack.

The term “secure” can only mean so much, especially in the case of the widely-used Secure Sockets Layer (SSL) protocol version 3.0, a 15-year old design Google found to have a major flaw that possibly affects millions of Internet users.

A new zero-day exploit that reportedly targets a military organization welcomes Patch Tuesday announcements as Microsoft announces a previously unknown vulnerability on Windows systems. (Update: Patch for "Sandworm" vulnerability has been released.)

Earlier this year, a website was compromised and used to spread online baking malware to approximately 7,000 victims in a span of two hours. This video describes how the site was compromised, the details of the attack, and the capabilities of the payloads.