Tag: Bugs


Threats & Malware, Vulnerabilities

Chrome 111 Patches 40 Vulnerabilities

March 8, 2023

Via: Security Week

A total of 24 of the addressed security defects were reported by external researchers. These include eight high-severity flaws, 11 medium-severity bugs, and five low-severity issues. Three of the high-severity vulnerabilities reported by external researchers are use-after-free bugs impacting Swiftshader, […]


Threats & Malware, Vulnerabilities

Critical VMware Bugs Open ESXi, Fusion & Workstation to Attackers

February 16, 2022

Via: Threat Post

VMware has issued a critical security update to address issues in its ESXi, Fusion and Workstation products, including VMware Cloud Foundation versions. Exploitation could give attackers access to workloads inside organizations’ virtual environments. The bugs have a range of 5.3 […]


Application security, Security

Is $50,000 for a Vulnerability Too Much?

February 4, 2021

Via: Dark Reading

Zoom recently increased its maximum payout for vulnerabilities to $50,000 as part of its crowdsourced security program. Such a lofty figure makes great headlines, attracts new talent in search of the big bucks, and raises the question — how much […]


Threats & Malware, Vulnerabilities

Apple Patches Multiple Code Execution Flaws in Audio Components

July 17, 2020

Via: Security Week

The five bugs were found to affect macOS Catalina, with four of them also impacting iOS and iPadOS, tvOS, and watchOS. The first two of the flaws are CVE-2020-9884 and CVE-2020-9889, two out-of-bounds write issues, while the remaining three, namely […]


Application security, Security

Bugs in open-source libraries impact 70% of modern software

May 26, 2020

Via: Security Affairs

According to Veracode’s annual State of Software Security report, 70 percent of mobile and desktop applications being used today have at least one security flaw that is the result of the use of an open-source library. Experts pointed out […]


Threats & Malware, Vulnerabilities

Bugs in Avast AntiTrack expose users to cyber attacks

March 11, 2020

Via: Security Affairs

Security expert David Eade has discovered a vulnerability (CVE-2020-8987) in Avast and AVG AntiTrack privacy software that could expose end-users to Man-in-The-Middle (MiTM) attacks, browser session hijack, with consequent exposure of sensitive data. “A remote attacker running a malicious proxy […]


Vulnerabilities

Critical Bugs Open Food-Safety Systems to Remote Attacks

September 5, 2019

Via: Threat Post

Two critical vulnerabilities in a food-quality management software package would allow adversaries to completely compromise the system. The issues affect the AK-EM 800 product from SCADA vendor Danfoss. It’s an enterprise management solution for the food retail industry that provides […]


Threats & Malware, Vulnerabilities

Web App Vulnerabilities Flying Under Your Radar

May 28, 2019

Via: Dark Reading

Organizations could face big problems from seemingly small Web application vulnerabilities. The problem is, many of these bugs fly under the radar because they’re not considered severe. Shandon Lewis, senior Web application penetration tester at Backward Logic, discussed a few […]


Hacker, Network security

Attackers chained three bugs to breach into the Facebook platform

October 2, 2018

Via: Security Affairs

Facebook has revealed additional details about the cyber attack that exposed personal information of 50 million accounts. Last week, Facebook announced that attackers exploited a vulnerability in the “View As” feature that allowed them to steal Facebook access tokens of […]


Mobile security, Vulnerabilities

The likely culprit for slow iOS 11 adoption? All of those bugs

April 27, 2018

Via: TechRadar

Compared to Android Oreo, which you’ll find only on 4.6% of Google phones around the globe, iOS 11 adoption is stellar at 76% of all compatible iPhones. Despite this incredible number and stark contrast, there may be reason for Apple […]


Vulnerabilities

Adobe Patches Four Critical Bugs in Flash, InDesign

April 11, 2018

Via: Threat Post

Adobe fixed four critical vulnerabilities in its Flash Player and InDesign products as part of its regularly scheduled April Security Bulletin Tuesday morning. In all, Adobe released 19 patches for products including Adobe Experience Manager, Adobe InDesign CC, Adobe Digital […]


Vulnerabilities

Cisco Patches Two Critical RCE Bugs in IOS XE Software

March 29, 2018

Via: Threat Post

Three critical vulnerabilities were patched by Cisco Systems on Wednesday, each tied to the company’s widely used internetworking operating system IOS XE. Two of the bugs are remote code execution vulnerabilities that could allow an attacker to take control over […]


Vulnerabilities

Microsoft December Patch Tuesday Update Fixes 34 Bugs

December 13, 2017

Via: Threat Post

Microsoft patched 34 vulnerabilities that are part of its December Patch Tuesday release. A total of 20 vulnerabilities were rated critical and another 12 were rated important. Impacted are Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office, SharePoint and Exchange. […]


Cloud security, Vulnerabilities

Cisco Patches Critical Playback Bugs in WebEx Players

December 1, 2017

Via: Threat Post

Cisco Systems issued a Critical alert on Wednesday warning of multiple vulnerabilities in its popular WebEx player. Six bugs were listed in the security advisory, each of them relating to holes in Cisco WebEx Network Recording Player for Advanced Recording […]


Vulnerabilities

Adobe Patches Flash Player, 56 Bugs in Reader and Acrobat

November 15, 2017

Via: Threat Post

Adobe kicked off today’s Patch Tuesday barrage with a monster update for Acrobat and Reader patching dozens of remote code execution vulnerabilities, along with the near-customary Flash Player update addressing a handful of critical flaws. None of the vulnerabilities patched […]


Application security, Vulnerabilities

5.3 billion devices at risk for invisible, infectious Bluetooth attack

September 12, 2017

Via: CSO Online

What spreads through the air, is invisible to users, and requires no user interaction— no clicking, no pairing, no downloading, not even turning on discoverable mode— but could bring the hurt to billions of devices? It’s an attack vector dubbed […]


Vulnerabilities

Bugs in Arris Modems Distributed by AT&T Vulnerable to Trivial Attacks

September 1, 2017

Via: Threat Post

Trivially exploitable vulnerabilities have been discovered in several Arris home modems, routers and gateways distributed to consumers and small businesses through AT&T’s U-verse service. It’s unknown yet whether the firmware vulnerabilities were introduced by the OEM or the ISP since […]


Vulnerabilities

Adobe and Apple to Outpace Microsoft in 2017 Vulnerability Discoveries. So What Now?

January 9, 2017

Via: TrendMicro Blog

Cyber-criminals by and large don’t work to annual schedules. But as a new year rolls around again, there’s a valuable opportunity for organizations to take stock of their IT security posture and consider where the key threats lie over the […]


Vulnerabilities

Project Springfield: Cloud-based fuzz testing for uncovering million-dollar bugs

September 28, 2016

Via: Help Net Security

This Monday Microsoft debuted Project Springfield, a cloud-based fuzz testing (aka fuzzing) service that the company has been working on for quite a while. David Molnar and Patrice Godefroid, two of the key researchers behind Project Springfield, have been […]


Malware, Vulnerabilities

Google Fixes 48 Bugs, Sandbox Escape, in Chrome

July 22, 2016

Via: Threat Post

Google has patched a high-risk vulnerability in its Chrome browser that allows an attacker to escape the Chrome sandbox. That vulnerability is one of 48 bugs fixed in version 52 of Chrome released Wednesday. Four dozen of those flaws are […]