Yelp Launches Public Bug Bounty
Yelp today announced a public bug bounty, which will pay up to $15,000 for critical vulnerabilities found on its mobile and desktop sites, public API and other areas of its infrastructure.
Vulnerabilities
Adding CIA to DNA
In this Threatpost op-ed, computer engineer Alexandrea Mellen explores the need for information security concepts in genetic engineering, and how concepts such as the security triad of confidentiality, integrity and availability apply.
Android Patch Fixes Nexus 5X Critical Vulnerability
Google patched an undocumented vulnerability that allowed attackers to bypass Nexus 5X device’s lock screen via a forced memory dump that exposed the device owner’s password.
Apple has patched the Trident vulnerabilities in OS X and Safari. The flaws were originally disclosed in iOS and used to spy on a UAE human rights activist.
Mike Mimoso, Tom Spring, and Chris Brook discuss the news of the week, including the MedSec/Muddy Waters story, how the Angler EK was traced back to the Lurk Gang, Fairware hitting Linux servers, and the Bashlite IoT malware.
Researchers uncovered a global malvertising campaign exposing potentially millions of users to the risk of being hit with CrypMIC ransomware delivered via the Neutrino Exploit Kit.
Attackers are targeting insecure Redis instances, exposed to the internet, to access Linux servers and delete web files and folders in exchange for ransom.
Google patched 33 bugs in total in Chrome 53, almost half of which are branded high severity by the company.
Adobe pushed hotfixes to ColdFusion 11 and 10 installations addressing a XXE vulnerability that can be exploited processing OOXML documents.
Banks face persistent, sophisticated and sustained cyberattacks from hackers looking to exploit the SWIFT messaging network, according to reports.
