Threats & Malware, Vulnerabilities
March 8, 2023
Via: Security Week
A total of 24 of the addressed security defects were reported by external researchers. These include eight high-severity flaws, 11 medium-severity bugs, and five low-severity issues. Three of the high-severity vulnerabilities reported by external researchers are use-after-free bugs impacting Swiftshader, […]
Threats & Malware, Vulnerabilities
February 16, 2022
Via: Threat Post
VMware has issued a critical security update to address issues in its ESXi, Fusion and Workstation products, including VMware Cloud Foundation versions. Exploitation could give attackers access to workloads inside organizations’ virtual environments. The bugs have a range of 5.3 […]
Application security, Security
February 4, 2021
Via: Dark Reading
Zoom recently increased its maximum payout for vulnerabilities to $50,000 as part of its crowdsourced security program. Such a lofty figure makes great headlines, attracts new talent in search of the big bucks, and raises the question — how much […]
Threats & Malware, Vulnerabilities
July 17, 2020
Via: Security Week
The five bugs were found to affect macOS Catalina, with four of them also impacting iOS and iPadOS, tvOS, and watchOS. The first two of the flaws are CVE-2020-9884 and CVE-2020-9889, two out-of-bounds write issues, while the remaining three, namely […]
Application security, Security
May 26, 2020
Via: Security Affairs
According to Veracode’s annual State of Software Security report, 70 percent of mobile and desktop applications being used today have at least one security flaw that is the result of the use of an open-source library. Experts pointed out […]
Threats & Malware, Vulnerabilities
March 11, 2020
Via: Security Affairs
Security expert David Eade has discovered a vulnerability (CVE-2020-8987) in Avast and AVG AntiTrack privacy software that could expose end-users to Man-in-The-Middle (MiTM) attacks, browser session hijack, with consequent exposure of sensitive data. “A remote attacker running a malicious proxy […]
September 5, 2019
Via: Threat Post
Two critical vulnerabilities in a food-quality management software package would allow adversaries to completely compromise the system. The issues affect the AK-EM 800 product from SCADA vendor Danfoss. It’s an enterprise management solution for the food retail industry that provides […]
Threats & Malware, Vulnerabilities
May 28, 2019
Via: Dark Reading
Organizations could face big problems from seemingly small Web application vulnerabilities. The problem is, many of these bugs fly under the radar because they’re not considered severe. Shandon Lewis, senior Web application penetration tester at Backward Logic, discussed a few […]
October 2, 2018
Via: Security Affairs
Facebook has revealed additional details about the cyber attack that exposed personal information of 50 million accounts. Last week, Facebook announced that attackers exploited a vulnerability in the “View As” feature that allowed them to steal Facebook access tokens of […]
Mobile security, Vulnerabilities
April 27, 2018
Via: TechRadar
Compared to Android Oreo, which you’ll find only on 4.6% of Google phones around the globe, iOS 11 adoption is stellar at 76% of all compatible iPhones. Despite this incredible number and stark contrast, there may be reason for Apple […]
April 11, 2018
Via: Threat Post
Adobe fixed four critical vulnerabilities in its Flash Player and InDesign products as part of its regularly scheduled April Security Bulletin Tuesday morning. In all, Adobe released 19 patches for products including Adobe Experience Manager, Adobe InDesign CC, Adobe Digital […]
March 29, 2018
Via: Threat Post
Three critical vulnerabilities were patched by Cisco Systems on Wednesday, each tied to the company’s widely used internetworking operating system IOS XE. Two of the bugs are remote code execution vulnerabilities that could allow an attacker to take control over […]
December 13, 2017
Via: Threat Post
Microsoft patched 34 vulnerabilities that are part of its December Patch Tuesday release. A total of 20 vulnerabilities were rated critical and another 12 were rated important. Impacted are Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office, SharePoint and Exchange. […]
Cloud security, Vulnerabilities
December 1, 2017
Via: Threat Post
Cisco Systems issued a Critical alert on Wednesday warning of multiple vulnerabilities in its popular WebEx player. Six bugs were listed in the security advisory, each of them relating to holes in Cisco WebEx Network Recording Player for Advanced Recording […]
November 15, 2017
Via: Threat Post
Adobe kicked off today’s Patch Tuesday barrage with a monster update for Acrobat and Reader patching dozens of remote code execution vulnerabilities, along with the near-customary Flash Player update addressing a handful of critical flaws. None of the vulnerabilities patched […]
Application security, Vulnerabilities
September 12, 2017
Via: CSO Online
What spreads through the air, is invisible to users, and requires no user interaction— no clicking, no pairing, no downloading, not even turning on discoverable mode— but could bring the hurt to billions of devices? It’s an attack vector dubbed […]
September 1, 2017
Via: Threat Post
Trivially exploitable vulnerabilities have been discovered in several Arris home modems, routers and gateways distributed to consumers and small businesses through AT&T’s U-verse service. It’s unknown yet whether the firmware vulnerabilities were introduced by the OEM or the ISP since […]
January 9, 2017
Via: TrendMicro Blog
Cyber-criminals by and large don’t work to annual schedules. But as a new year rolls around again, there’s a valuable opportunity for organizations to take stock of their IT security posture and consider where the key threats lie over the […]
September 28, 2016
Via: Help Net Security
This Monday Microsoft debuted Project Springfield, a cloud-based fuzz testing (aka fuzzing) service that the company has been working on for quite a while. David Molnar and Patrice Godefroid, two of the key researchers behind Project Springfield, have been […]
July 22, 2016
Via: Threat Post
Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox. That vulnerability is one of 48 bugs fixed in version 52 of Chrome released Wednesday. Four dozen of those flaws are […]