US Navy Soliciting Zero Days
A RFP, which has since been taken down, surfaced last week from the Naval Supply Systems Command seeking operational exploits and vulnerability intelligence for commercial software from leading IT vendors.
Vulnerabilities
Cisco Patches IPv6 Vulnerability in Carrier-Grade Router System
Cisco patched a denial of service vulnerability in its IOS XR software used in carrier-grade routers.
OpenSSL Patches Five Flaws, Adds Protection Against Logjam Attack
The OpenSSL project has patched several moderate- and low-severity security vulnerabilities and also has added protection against the Logjam attack in new releases of the software.
Mozilla announced that it has increased rewards for vulnerabilities submitted to its bug bounty program, and that for the first time it will pay for some bugs whose severity is rated moderate.
A bug in the standalone mail client for both iOS and OSX could allow an attacker to load external HTML and make it easy to carry out convincing phishing attacks on unsuspecting users.
The Duqu attackers, who are considered by researchers to be at the top of the food chain of APT groups and are responsible for attacking certificate authorities and perhaps spying on Iran’s nuclear program, have resurfaced with a new platform that was used to compromise high-profile victims, including some related to the Iran nuclear talks […]
Microsoft released two critical bulletins—eight overall—as part of the June 2015 Microsoft Patch Tuesday security updates. One of the critical bulletins patches 24 vulnerabilities in Internet Explorer.
Adobe’s monthly patch release features just an update for Flash Player, addressing 13 security vulnerabilities that expose the software to remote attacks.
Toshiba has eliminated a hard-coded cryptographic key in its CHEC software, but is dealing with an information-disclosure bug in its 4690 operating system.
The Office of Personnel Management was warned as recently as November of numerous system vulnerabilities and governance weaknesses.
