Google Debuts Continuous Fuzzer for Open Source Software
A new Google program OSS-Fuzz is aimed at continuously fuzzing open source software and has already detected over 150 bugs.
Chris Brook
About
"Distrust and caution are the parents of security" - Benjamin Franklin
Mozilla Patches Firefox Zero Day Used to Unmask Tor Browser Users
Mozilla released a new version of Firefox on Wednesday to address a zero day vulnerability that was actively being exploited to de-anonymize Tor Browser users.
Microsoft Silently Fixes Kernel Bug That Led to Chrome Sandbox Bypass
Microsoft appears to have silently fixed a two-year-old bug in in Windows Kernel Object Manager that could have allowed for the bypass of privileges in Google’s Chrome browser.
Researchers say they spotted the remote access Trojan NetWire stealing payment card data from one organization.
PayPal fixed an issue that could have allowed an attacker to hijack OAuth tokens associated with any PayPal OAuth application.
Vulnerabilities in UberCENTRAL, a portal used by businesses to facilitate rides, could have leaked the names, phone numbers, email addresses, and unique IDs.
Attackers could exploit over-the-air updates in three million Android devices to remotely execute commands with root privileges via a man-in-the-middle (MiTM) attack.
Drupal fixed a handful of issues in version 7 and 8 of the content management system core engine that could have led to cache poisoning, social engineering attacks, and a denial of service condition.
Mike Mimoso and Chris Brook discuss the news of the week, including this week’s House hearing on the Internet of Things, Samy Kamkar’s PoisonTap tool, and Windows 10’s ransomware protections.
A vulnerability in iOS 8, 9, 10, and even the most recent beta version, 10.2 beta 3, could allow an attacker to access photos and contacts on a locked iPhone.
