The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 through 5.5.28, and possibly earlier versions uses a blank default password for the administrative user, which allows remote attackers to gain privileges.
CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
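A defensive check for the condition described above, as an added example that is not part of the original advisory: it scans a Tomcat user database for accounts whose password is an empty string and reports which administrative roles they hold. It assumes the users are defined in Tomcat's standard `conf/tomcat-users.xml` and that the privileged roles are the stock `admin` and `manager`; the sample XML is constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Assumption: stock Tomcat 5.5/6.0 role names that grant administrative access.
PRIVILEGED_ROLES = {"admin", "manager"}

# Constructed sample input, not taken from any real installation.
SAMPLE_USERS_XML = """<tomcat-users>
  <role rolename="admin"/>
  <role rolename="manager"/>
  <user username="admin" password="" roles="admin,manager"/>
  <user username="deploy" password="constructed-sample-value" roles="manager"/>
  <user username="guest" password="" roles="status"/>
</tomcat-users>"""


def local_name(tag):
    """Strip an XML namespace prefix such as '{http://...}user' -> 'user'."""
    return tag.rsplit("}", 1)[-1]


def find_blank_password_users(xml_data):
    """Return [(username, [privileged roles])] for users with password=""."""
    root = ET.fromstring(xml_data)
    findings = []
    for elem in root.iter():
        if local_name(elem.tag) != "user":
            continue
        if elem.get("password") != "":
            continue  # only the blank-password case from the advisory
        # Older files may identify the account with name= instead of username=.
        name = elem.get("username") or elem.get("name") or "<unnamed>"
        roles = {r.strip() for r in elem.get("roles", "").split(",")}
        findings.append((name, sorted(roles & PRIVILEGED_ROLES)))
    return findings


if __name__ == "__main__":
    # Usage: python check_tomcat_users.py /path/to/conf/tomcat-users.xml
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_USERS_XML
    for user, privileged in find_blank_password_users(data):
        level = "ADMINISTRATIVE" if privileged else "non-admin"
        print(f"blank password: {user} ({level}, roles: {privileged})")
```

Any account reported with a non-empty role list needs a strong password set, or the entry removed, before the management applications are reachable from the network.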