Top

Category: Vulnerabilities


Vulnerabilities

Oracle Issues Emergency Patches for ‘JoltandBleed’ Vulnerabilities

November 17, 2017

Via: Threat Post

Oracle pushed out an emergency update for vulnerabilities affecting several of its products that rely on its proprietary Jolt protocol. The bugs were discovered by researchers at ERPScan who named the series of five vulnerabilities JoltandBleed. The vulnerabilities are severe, […]


Vulnerabilities

Cisco Warns of Critical Flaw in Voice OS-based Products

November 16, 2017

Via: Threat Post

Cisco Systems issued a security advisory warning customers key products tied to its Cisco Voice Operating System software platform were vulnerable to an attack where an unauthenticated, remote hacker could gain unauthorized and elevated access to impacted devices. The Cisco […]


Vulnerabilities

WordPress Sites Exposed to Attacks by ‘Formidable Forms’ Flaws

November 16, 2017

Via: Security Week

Vulnerabilities found by a researcher in a popular WordPress plugin can be exploited by malicious actors to gain access to sensitive data and take control of affected websites. Formidable Forms, available both for free and as a paid version that […]


Mobile security, Vulnerabilities

Debugging Tool Left on OnePlus Phones, Enables Root Access

November 15, 2017

Via: Threat Post

Chinese phone maker OnePlus is accused of leaving a debugging app on its phones capable of giving adversaries root access to the devices. The application in question is called EngineerMode and is made by Qualcomm. An anonymous researcher who goes […]


Vulnerabilities

Adobe Patches Flash Player, 56 Bugs in Reader and Acrobat

November 15, 2017

Via: Threat Post

Adobe kicked off today’s Patch Tuesday barrage with a monster update for Acrobat and Reader patching dozens of remote code execution vulnerabilities, along with the near-customary Flash Player update addressing a handful of critical flaws. None of the vulnerabilities patched […]


Vulnerabilities

Microsoft Patches 20 Critical Browser Vulnerabilities

November 15, 2017

Via: Security Week

Microsoft’s Patch Tuesday updates for November address more than 50 vulnerabilities, including 20 critical flaws affecting the company’s web browsers. A total of 53 CVE identifiers have been assigned to the security bugs addressed by Microsoft this month. None of […]


Vulnerabilities

What Happens When Security Companies Fail at Security?

November 9, 2017

Via: Security Week

Several recent cyber attacks have successfully targeted organizations that should be poster children for security hygiene. Why are even the most security-conscious organizations being compromised, and what does it mean for everyone else? Examining recent high-profile cyber attacks The most […]


Vulnerabilities

Majority of US Companies’ DDoS Defenses Breached

November 8, 2017

Via: Dark Reading

Survey finds 69% of companies’ distributed denial-of-service attack defenses were breached in the past year – despite confidence in their mitigation technologies. A whopping 88% of US companies claim confidence in their DDoS mitigation technologies, yet 69% have suffered an […]


Vulnerabilities

Stack Ranking SSL Vulnerabilities: DUHK and ROCA

November 3, 2017

Via: Security Week

Even with catchy branding and cute mascot and a theme song, these two SSL/TLS vulnerabilities nearly went unnoticed last week. The WPA2 Key Reinstallation Attack (KRACK) overshadowed them both, vacuuming up the tech media attention. DUHK and ROCA are both […]


Vulnerabilities

Injection Attacks: The Least Glamorous Attack Is One of the Most Threatening

November 2, 2017

Via: Security Intelligence

Very little in life grabs our attention like a shiny new object. The gleam can be irresistible, the glitter mesmerizing. That’s how it is in cybersecurity, where the landscape is almost always dotted with alluringly novel hazards. Brand new threats, […]