Bleeping Computer

Four Years Later, We Have a New OWASP Top 10

The Open Web Application Security Project (OWASP) has published a new version of its infamous Top 10 vulnerability ranking, four years after its last update, in 2013. The OWASP Top 10 is not an ...
Threat Post

Siemens Patches Authentication Bypass Flaw in SiPass Server

Siemens patches four vulnerabilities, including a critical authentication bypass flaw, in its SiPass integrated access control server. A handful of vulnerabilities in Siemens’ SiPass integrated server ...
ZDNet

Some enterprise VPN apps store authentication/session cookies insecurely

At least four Virtual Private Network (VPN) applications sold or made available to enterprise customers share security flaws, warns the Carnegie Mellon University CERT Coordination Center (CERT/CC) ...
Bleeping Computer

VMware Aria vulnerable to critical SSH authentication bypass flaw

VMware Aria Operations for Networks (formerly vRealize Network Insight) is vulnerable to a critical severity authentication bypass flaw that could allow remote attackers to bypass SSH authentication ...
eWeek

OWASP Lists Top 10 Most Critical Web Application Risks

The Open Web Application Security Project cited injection flaws as the top risk facing software developers today in the recent version of its annual list of security threats. The findings are based on ...
Threat Post

Flaw Lets Attackers Bypass PayPal Two-Factor Authentication

There’s a vulnerability in the way that PayPal handles certain requests from mobile clients that can allow an attacker to bypass the two-factor authentication mechanism for the service and transfer ...