The general population may have had its fill of Facebook at this point, but attackers sure haven’t. There is a new round of Facebook-related spam that is using fake messages about recent crimes involving recipients’ friends as a lure to direct them to Tumblr pages serving exploits. The campaign comprises several different individual messages purporting[...]
Browsing Category: Vulnerabilities
Adobe published two bulletins, resolving a pair of vulnerabilities in the Shockwave and Flash players.
Mozilla has released a major new version of Firefox, which includes fixes for more than a dozen security vulnerabilities as well as an important change that makes all Java plugins click-to-play be default. This feature prevents those plugins from running automatically on Web pages, which helps protect users against some Web-based attacks.
Siemens has patched a serious remotely exploitable vulnerability in its SINAMICS S/G ICS software that could enable an attacker to take arbitrary actions on a vulnerable installation without having to authenticate.
Attackers are able to bypass the reflective cross-site scripting filter in Internet Explorer; the weakness is accepted by Microsoft as part of its design philosophy for the filter and will not be fixed.
VMware released patches yesterday to fix a vulnerability that could have led to a privilege escalation in older Windows systems running in virtual environments.
Although there are still a number of issues that need to be addressed with the Department of Homeland Security’s information security efforts, the department is improving in many areas and making strong progress toward implementing better security controls, a new report from the Inspector General found. DHS, which is responsible for a large portion of[...]
The researchers who discovered a serious vulnerability in Android 4.3 Jelly Bean that enables a malicious app to disable the security locks on a vulnerable device have published a proof-of-concept app that exploits the bug, as well as source code for the app.
D-Link has patched a backdoor vulnerability in a number of different versions of its routers that could allow an attacker using a particular string to access the router’s admin panel and make any changes.
There is a vulnerability in Android 4.3 Jelly Bean that enables a malicious app to disable all of the security locks on a given device, leaving it open to further attacks.