Web Browser Security
- April 02, 2014
The Safari security update addresses a number of remotely exploitable vulnerabilities and includes a fix for a hack from the Pwn2Own competition.
- March 21, 2014
Researchers have warned of numerous HealthCare.gov security issues. Michael Cobb reviews the website security lessons learned for enterprises.
- March 18, 2014
Researchers at the 2014 Pwn2Own contest bypassed application sandboxing repeatedly, proving even the most secure applications can be vulnerable.
- February 14, 2014
FireEye first reported that the zero-day exploit affecting IE 9 and 10 is part of a watering hole attack utilizing the U.S. VFW's website.
- October 07, 2013
Expert Michael Cobb discusses the ins and outs of the Firefox Health Report, and the implications it has for browser security and enterprise security.
- October 03, 2013
Microsoft's October Patch Tuesday expected to resolve four critical vulnerabilities, with experts hoping a recent high-profile IE zero-day is patched.
- September 18, 2013
Microsoft provides an Internet Explorer fix after confirming a vulnerability affecting all versions of the Web browser is being actively exploited.
- May 09, 2013
Microsoft is still working on a permanent fix for the IE8 zero-day found in the Dept. of Labor website attack. Also: Adobe preps ColdFusion patch.
- October 18, 2012
Spammers have spoofed shortened URLs designed to validate redirects to several states including California, Iowa, Indiana and Vermont.
- September 20, 2012
A temporary automated fix plugging the dangerous flaw is available until an official patch is released.
- August 29, 2012
Basic Java sandboxing has been around since 1995, but flaws in the Java virtual machine are highly targeted. Experts are calling on Oracle to do more.
- August 16, 2012
The search engine giant is doubling its payout when it holds its Pwnium 2 hacking contest in October at the Hack In the Box conference in Malaysia.
- August 16, 2012
Oracle said it would begin providing timely security updates to Java for Mac OS X.
- July 31, 2012
Researchers from IBM's X-Force Advanced Research Team demonstrated how an attacker could escape a Flash sandbox implementation at Black Hat.
- July 16, 2012
The Google Chrome Native Client was designed to secure browser plug-ins, but researcher Chris Rohlf says Google Chrome sandbox security flaws exist.