Threats & Malware, Vulnerabilities
June 9, 2020
Via: Hot for SecurityA vast campaign targeting WordPress-based websites was identified by the Wordfence Firewall as it targeted 1.3 million pages, trying to leverage known plugins and theme vulnerabilities. WordPress is just one of the platforms used to create and deploy websites and, […]
Application security, Security
December 18, 2019
Via: Dark ReadingFacebook has fixed a bug in its WhatsApp chat platform that gave attackers a way to send a malicious group-chat message capable of repeatedly crashing the entire application for all members of a targeted chat group. To regain access to […]
Threats & Malware, Vulnerabilities
December 13, 2019
Via: Hot for SecurityIntel has quickly released a fix for the new and already infamous Plundervolt vulnerability found in Intel 6th, 7th, 8th, 9th, and 10th generation processors, alongside Xeon Processor E3 v5 and v6, and Xeon Processor E-2100 and E-2200. Security researchers […]
December 11, 2019
Via: Dark ReadingThis month’s batch of security updates addresses 36 CVEs, seven of which are rated Critical and one of which has been exploited in the wild. The last Patch Tuesday of 2019 is also Microsoft’s lightest of the year, with fixes […]
Threats & Malware, Vulnerabilities
September 24, 2019
Via: Help Net SecurityMicrosoft has unexpectedly released out-of-band security updates to fix vulnerabilities in Internet Explorer and Microsoft Defender. The IE zero-day bug is deemed “critical”, as it’s being actively exploited to achieve partial or complete control of a vulnerable systems. CVE-2019-1367 is […]
February 20, 2019
Via: Dark ReadingChip makers’ focus on performance has left microprocessors open to numerous side-channel attacks that cannot be fixed by software updates – only by hard choices. Side-channel attacks such as the Spectre family of vulnerabilities are more widespread threat than previously […]
Mobile security, Vulnerabilities
November 1, 2018
Via: Threat PostApple tackled a bevy of vulnerabilities across all its platforms Tuesday, including one that allowed a remote attacker to initiate a FaceTime call by exploiting a bug in some model iPhones, iPads, and iPad Air devices. The wide-ranging security fixes […]
September 10, 2018
Via: Security WeekGoogle has released its September 2018 security patches for Android, which resolves more than 50 vulnerabilities in the operating system. The September 2018 Android Security Bulletin is split into two parts, the 2018-09-01 security patch level, which resolves 24 bugs, […]
Mobile security, Vulnerabilities
July 6, 2018
Via: Security WeekGoogle this week released its July 2018 set of Android patches to address tens of vulnerabilities in the mobile operating system, including several rated as Critical. The Internet giant addressed 11 vulnerabilities as part of the 2018-07-01 security patch level, […]
Network security, Vulnerabilities
May 11, 2018
Via: Dark ReadingVulnerabilities in the framework used for secure data transfer in industrial systems were all fixed by March, says Kaspersky Lab. Researchers discovered 17 zero-day vulnerabilities in a popular framework for secure data transfer between clients and servers in industrial systems […]
Mobile security, Vulnerabilities
May 10, 2018
Via: Threat PostLG has patched two severe vulnerabilities that reside in the default keyboard on all mainstream LG smartphones, including its flagship handsets; the flaws could be used to remotely execute code with elevated privileges. LG’s update also includes a fix for […]
March 6, 2018
Via: Security WeekGoogle has released its March 2018 set of security updates for Android to address numerous Critical and High severity vulnerabilities in the popular mobile operating system. The majority of the Critical vulnerabilities addressed this month could allow an attacker to […]
February 28, 2018
Via: Threat PostIntel has issued updated microcode to help safeguard its Broadwell and Haswell chips from the Spectre Variant 2 security exploits. According to Intel documents, an array of its older processors, including the Broadwell Xeon E3, Broadwell U/Y, Haswell H,S and […]
February 19, 2018
Via: CSO OnlineGoogle seems to be gunning for Microsoft again by going public with a vulnerability in Microsoft Edge before Microsoft could develop a patch. The flaw affects Microsoft’s Arbitrary Code Guard (ACG) which Microsoft described a year ago in a post […]
January 17, 2018
Via: Security WeekOracle on Tuesday released its first Critical Patch Update for 2018 to deliver 237 new security fixes across its product portfolio. Over half of the addressed vulnerabilities could be remotely exploited without authentication. As part of the January 2018 Critical […]
December 13, 2017
Via: Threat PostMicrosoft patched 34 vulnerabilities that are part of its December Patch Tuesday release. A total of 20 vulnerabilities were rated critical and another 12 were rated important. Impacted are Internet Explorer, Microsoft Edge, Microsoft Windows, Microsoft Office, SharePoint and Exchange. […]
November 20, 2017
Via: Threat PostResearchers at Rhino Security Labs identified a flaw in Amazon’s Key delivery service and Cloud Cam security camera that allows a rogue courier to tamper with the camera and knock it offline, making it appear no one is entering home, […]
October 11, 2017
Via: Threat PostThree critical Windows DNS client vulnerabilities were patched today by Microsoft, closing off an avenue where an attacker could relatively simply respond to DNS queries with malicious code and gain arbitrary code execution on Windows clients or Windows Server installations. […]
October 3, 2017
Via: Threat PostNetgear recently issued 50 patches for its routers, switches, NAS devices, and wireless access points to resolve vulnerabilities ranging from remote code execution bugs to authentication bypass flaws. Twenty of the patches address “high” vulnerability issues with the remaining 30 […]
September 27, 2017
Via: Threat PostOracle released fixes for a handful of recently patched Apache Struts 2 vulnerabilities, including a critical remote code execution vulnerability (CVE-2017-9805) that could let an attacker take control of an affected system, late last week. The Apache Software Foundation patched […]