Tuesday, 25 April 2017

Tag Archives: Vulnerability

Apple Patches Tens of Vulnerabilities in iOS, OS X

OS X El Capitan 10.11.6 fixes a total of 60 security bugs affecting components such as audio, CFNetwork, CoreGraphics, FaceTime, graphics drivers, ImageIO, the kernel, the login window, OpenSSL, QuickTime, sandbox profiles, and the libxml2 and libxslt libraries. The CFNetwork vulnerability, tracked as CVE-2016-4645, was reported to Apple by Abhinav Bansal of Zscaler. The security firm published a blog post ...

US gov vulnerability disclosure requires oversight, says new report

The US government should overhaul its policies on vulnerability disclosure, according to a new report. Authored by Ari Schwartz and Rob Knake, the paper seeks to cut a middle ground between those who say that the government has the right to collect and exploit vulnerabilities and those, like Bruce Schneier, who say it does not. It takes specific aim at ...

CVE-2016-4171 – Another Flash Zero-Day exploited in targeted attacks

Once again Adobe Flash Player is the target of hackers in the wild. Adobe has released security updates for several of its products announcing that the fix for a critical Flash Player zero-day vulnerability (CVE-2016-4171) exploited in targeted attacks will only be issued later this week. A security fix for the vulnerability is expected to become available starting from June 16. The ...

WordPress plugin with 10,000+ installations being exploited in the wild

A growing number of WordPress websites have been infected by attackers exploiting a vulnerability that remains unpatched in a widely used plugin called WP Mobile Detector, security researchers warned. The attacks have been under way since last Friday and are mainly being used to install porn-related spamming scripts, according to a blog post published Thursday. The underlying vulnerability in WP ...

Five most common myths about Web security

Ilia Kolochenko, High-Tech Bridge

Running after trendy APTs, we tend to forget about the common-sense approach and holistic risk assessment. Almost 3 terabytes of data stolen in the Panama Gate scandal will shortly become searchable online. Mossack Fonseca, the breached legal firm behind one of the largest data leaks in history, had numerous high-risk vulnerabilities in its front-end web applications, including its Client Information Portal. Actually, few ...

Uh-oh! Critical vulnerability in Symantec’s core scan engine – industry reaction

Symantec’s core scan engine has a critical vulnerability which lets attackers remotely execute code on a victim’s machine just by sending them an email or a link. The victim doesn’t even need to open it. It just has to be scanned by the AV program. The scan engine uses a filter driver to intercept I/O operations at the kernel level. In its advisory, Symantec acknowledged the ...

Nuix: Cybersecurity Industry “Fighting the Wrong Battle for 20 Years”

Chris Pogue of Nuix has penned a whitepaper that argues that the security industry has been “fighting the wrong battle” using the wrong tools for 20 years. He cites the human vulnerability as the factor behind this assertion. “In the more than 2,500 data breaches I have investigated, I can count exactly zero that were caused by non-human-initiated system failure—like it ...

SQL injection vuln found at Panama Papers firm Mossack Fonseca

Grey hat security researchers have discovered new flaws in the systems of Panama leak firm Mossack Fonseca. A self-styled “underground researcher” claims to have found a SQL injection flaw on one of the corporate systems of the Panamanian lawyers. “They updated the new payment CMS, but forgot to lock the directory /onion/,” he said via the “1×0123” Twitter profile. Mossack Fonseca specialises ...

1.5M Verizon Enterprise customer records selling on forum after breach

Some 1.5 million Verizon Enterprise customer records have been stolen and are being sold on a criminal hacking forum, according to reports. A trusted seller on a popular but shadowy unnamed criminal forum asked for US$100,000 for the database or US$10,000 for batches of 100,000 records, investigative blogger Brian Krebs reports. Verizon Enterprise counts 99 percent of the Fortune 500 ...

NSA hacker-in-chief says that zero-day vulnerabilities have been overstated

A hacker-in-chief from the National Security Agency (NSA) has explained that the consequences of zero-day vulnerabilities, which are undetected exploits that can create software problems, have been overstated by governments and security experts, since focus and persistence are also important when hacking a system. Declarations from Rob Joyce, the NSA’s chief of Tailored Access Operations (TAO), come after the security ...