April 17, 2019
Via: Threat Post
Oracle is urging customers to patch critical vulnerabilities in its products as part of its massive April update, which fixes a whopping 297 flaws. Of those flaws, 53 vulnerabilities in Oracle products had a CVSS score of 9.0 or higher, […]
April 10, 2019
Via: Dark Reading
Microsoft today issued its April batch of security fixes, which patches 74 vulnerabilities including two Windows zero-days under active attack. CVE-2019-0803 and CVE-2019-0859 both patch Windows elevation of privilege bugs found exploited in the wild. Microsoft describes both patches in […]
Malware, Mobile security, Vulnerabilities
March 27, 2019
Via: Threat Post
ASUS has expedited a patch for a major bug impacting thousands of PCs that allowed an advanced persistent threat group to launch a supply-chain attack dubbed “Operation ShadowHammer.” The vulnerability targeted a range of new ASUS PCs with a backdoor […]
March 15, 2019
Via: Threat Post
Cisco Systems is warning customers that a discovery tool for network devices can be accessed by a remote and unauthenticated attacker. The flaw could allow an adversary to log into the system and collect sensitive data tied to host operating […]
Cyber-crime, Malware, Threats & Malware, Virus & Malware, Vulnerabilities
March 15, 2019
Via: Security Affairs
Several threat actors are actively exploiting a critical remote code execution vulnerability recently addressed in WinRAR. The exploitation of the flaw in the wild is worrisome because the WinRAR software doesn’t have an auto-update feature, leaving millions of users potentially […]
March 12, 2019
Via: Threat Post
Microsoft won’t be patching the bug, but a proof of concept shows the potential for successful malware implantation. A previously unknown bug in Microsoft Windows would allow an attacker to spoof Windows dialog boxes that surface when making changes to […]
March 7, 2019
Via: Help Net Security
Checkpoint has released more details about CVE-2018-8476, a critical remote code execution vulnerability affecting all Windows Servers since 2008 SP2. The bug was responsibly disclosed to Microsoft last year and was fixed last November, but there are likely still servers […]
Mobile security, Privacy protection
February 8, 2019
Via: Hot for Security
Last week a bug became such big news that it broke out of the technology press, and into the mainstream media – generating headlines around the globe. The reason? A bizarre bug had been discovered in the way iPhones and […]
Mobile security, Vulnerabilities
February 6, 2019
Via: Threat Post
Eleven critical bugs will be patched as part of the February Android Security Bulletin. Google has patched a critical vulnerability in its current and legacy versions of its Android operating system, which allow an attacker to send a specially crafted […]
Network security, Vulnerabilities
January 29, 2019
Via: Security Affairs
iPhone, iPad, or Mac users might disable FaceTime to avoid being spied through their devices. Experts warn that it is possible to call someone via FaceTime and listen via the microphone of their devices before they accept or reject the […]
Network security, Vulnerabilities
September 28, 2018
Via: Dark Reading
Good digital hygiene will lower your risk, and these six tips can help. This past April saw a milestone: the 100,000th common vulnerability and exposure (CVE). Although we’ve hit a major mark in CVE identifiers, Cisco found that the total […]
September 18, 2018
Via: Threat Post
Firmware used in up to 800,000 CCTV cameras open to attack thanks to buffer overflow zero-day bug. Between 180,000 and 800,000 IP-based closed-circuit television cameras are vulnerable to a zero-day vulnerability that allows hackers to access surveillance cameras, spy on […]
Cloud security, Vulnerabilities
August 16, 2018
Via: Threat Post
A browser bug in Google Chrome has been discovered that lets bad actors uncover private data stored on Facebook, Google sites and other platforms, by using video and audio HTML tags, and the filtering functions in websites. The bug in […]
August 13, 2018
Via: Threat Post
LAS VEGAS – Tens of millions of fax-ready HP OfficeJet inkjet printers are vulnerable to a simple hack that gives an attacker full control over a targeted printer. Once compromised, the all-in-one OfficeJet could act as a springboard for deeper […]
Network security, Vulnerabilities
July 18, 2018
Via: CSO Online
Microsoft launched a new bug bounty program specifically aimed at identity services with bounty payouts ranging from $500 to $100,000. Microsoft’s Identity Bounty program will reward researchers for finding eligible bugs in not only its identity solutions but also for […]
Mobile security, Vulnerabilities
June 12, 2018
Via: Threat Post
Nine months after researchers warned of the BlueBorne remote code execution bug, Lenovo said Thursday that a patch is finally available for three popular lines of its Android tablets. Lenovo, the world’s No. 3 Android tablet-maker, said BlueBorne patches are […]
Vulnerabilities, Wireless security
May 23, 2018
Via: Threat Post
Comcast patched a bug Monday that under certain conditions leaked customer SSID names and passwords of Xfinity routers. The flaw was accessible via the Comcast website used by customers to activate and manage their Xfinity router. The bug did not […]
Mobile security, Vulnerabilities
May 15, 2018
Via: Threat Post
Samsung began rolling out patches over the weekend to fix six critical bugs found in its flagship Android handsets as part of its May patch bulletin. Flaws range from a remote code execution bug to a buffer overflow vulnerability, plus […]
Cloud security, Vulnerabilities
March 19, 2018
Via: Threat Post
In the wake of the Meltdown and Spectre flaws, Microsoft has rolled out a new bug bounty program targeting speculative execution side channel vulnerabilities. The limited time program is open until December 31, and offers up to $250,000 for identifying […]
Cloud security, Vulnerabilities
March 2, 2018
Via: Threat Post
Hewlett Packard Enterprise has patched a vulnerability in its remote management hardware called Integrated Lights-Out 3 that is used in its popular line of HP ProLiant servers. The bug allows an attacker to launch an unauthenticated remote denial of service […]