Google Chrome 33 is out, and the new version of the browser includes fixes for 28 security vulnerabilities, including a number of high-severity bugs. The company paid out more than $13,000 in rewards to researchers who reported vulnerabilities that were fixed in this release. One of the high-priority vulnerabilities Google patched in Chrome 33 is[...]
Adobe released an out-of-band patch for its Flash Player that corrects a zero-day vulnerability being exploited in the wild in watering hole attacks against defense and public policy websites.
Microsoft made a Fix-It tool available as a temporary mitigation for a zero-day vulnerability in Internet Explorer 10. The zero day is being exploited by two hacker groups.
The Internet Bug Bounty program, a cooperative effort among security experts and vendors, paid out its first $10,000 bounty this week for a serious Flash vulnerability. The flaw, which Adobe fixed in December, was a serious one that has been used in targeted attacks. Started in November, the Internet Bug Bounty is a system set[...]
A new report shows that health care industry intellectual property, payment information, and patient data are poorly protected and, in many cases, already compromised.
Duo Security acknowledged late last week that it had discovered a vulnerability in its WordPress plugin that could allow a user to bypass two-factor authentication (2FA) on a multisite network.
A new Metasploit module exploits a remote code execution vulnerability in Android devices prior to version 4.2.1, which encompasses 70 percent of Android devices.
Cisco’s UCS Director infrastructure management product contains a set of default credentials that any remote attacker can exploit to take complete control of any vulnerable machine. The flaw is in UCS Director versions 18.104.22.168 and below. The Cisco UCS Director software is designed to allow administrators to manage a variety of storage, networking, virtualization and[...]
Windows Error Reporting, or Dr. Watson, can be used to detect advanced exploits targeting organizations by fingerprinting exploit behaviors and correlating those with system or application crashes.
There are at least two different groups running attacks exploiting the recently published zero-day vulnerability in Internet Explorer 10, and researchers say one of the groups used the bug to impersonate a French aerospace manufacturer and compromise victims visiting the spoofed Web page.