Vulnerabilities

Chrome 40 Patches 62 Security Vulnerabilities, Pays Bounties Aplenty

Google released version 40 of the Chrome browser, patching 62 vulnerabilities, including close to two-dozen critical memory corruption flaws.

Adobe Patches One Zero Day in Flash, Will Patch a Second Flaw Next Week

UPDATE–Adobe has released an emergency update for Flash to address a zero-day vulnerability that is being actively exploited. The company also is looking into reports of exploits for a separate Flash bug not fixed in the new release, which is being used in attacks by the Angler exploit kit. The vulnerability that Adobe patched Thursday is […]

Exploit for Flash Zero Day Appears in Angler Exploit Kit

The dangerous Angler exploit kit has a new piece of ammunition to use in its attacks: a fresh Adobe Flash zero-day vulnerability.

Bypass Demonstrated for Microsoft Use-After-Free Mitigation in IE

by Michael Mimoso

January 21, 2015

A researcher has developed a bypass for Microsoft’s latest memory corruption mitigations in Internet Explorer, Heap Isolation and Delay Free.

Hard-Coded FTP Credentials Found in Schneider Electric SCADA Gateway

by Dennis Fisher

January 21, 2015

Two flaws in Schneider Electric’s ETG3000 FactoryCast HMI Gateway allow unauthenticated remote access to the device’s FTP server and configuration file.

Oracle Patches Backdoor Vulnerability, Recommends Disabling SSL

by Michael Mimoso

January 21, 2015

Oracle’s January 2015 Critical Patch update includes a fix for a backdoor found in the Oracle E-Business Suite by researcher David Litchfield. The patch is among 169 released in the CPU.

Like a Nesting Doll, Vawtrak Malware Has Many Layers

by Chris Brook

January 20, 2015

Researchers have peeled back more layers on Vawtrak, a relatively new banking Trojan so complex that those who have taken it apart have likened it to a Matryoshka, or Russian nesting doll.

Ubuntu Patches Several Security Flaws

by Dennis Fisher

January 20, 2015

Ubuntu has released a number of patches for security vulnerabilities in several versions of the OS, including some remote code execution flaws in Thunderbird, which is included with Ubuntu. Thunderbird is Mozilla’s email client, and the company recently fixed several memory corruption vulnerabilities, along with a cross-site request forgery bug and a flaw that could lead to […]

Academics Use Siri to Move Secrets Off Jailbroken iOS Devices

by Michael Mimoso

January 20, 2015

Researchers describe an attack leverage Siri on jailbroken iOS devices to steal secrets such as credit card numbers or passwords.

Nasty Oracle Vulnerability Leaves Researcher ‘Gobsmacked’

by Dennis Fisher

January 20, 2015

Oracle on Tuesday will release a huge number of security fixes as part of its quarterly critical patch update, and one of them is a patch for a vulnerability that a well-known security researcher said looks a lot like a back door but was likely just a terrible mistake. The flaw is found in Oracle’s […]

Vulnerabilities

Chrome 40 Patches 62 Security Vulnerabilities, Pays Bounties Aplenty

Adobe Patches One Zero Day in Flash, Will Patch a Second Flaw Next Week

Exploit for Flash Zero Day Appears in Angler Exploit Kit

Bypass Demonstrated for Microsoft Use-After-Free Mitigation in IE

Hard-Coded FTP Credentials Found in Schneider Electric SCADA Gateway

Oracle Patches Backdoor Vulnerability, Recommends Disabling SSL

Like a Nesting Doll, Vawtrak Malware Has Many Layers

Ubuntu Patches Several Security Flaws

Academics Use Siri to Move Secrets Off Jailbroken iOS Devices

Nasty Oracle Vulnerability Leaves Researcher ‘Gobsmacked’

InfoSec Insider

Securing Your Move to the Hybrid Cloud

Why Physical Security Maintenance Should Never Be an Afterthought

Conti’s Reign of Chaos: Costa Rica in the Crosshairs

How War Impacts Cyber Insurance

Rethinking Vulnerability Management in a Heightened Threat Landscape

Topics

Authors

Threatpost

Vulnerabilities

InfoSec Insider

Topics

Authors

Threatpost

Infosec Insider Post

Sponsored Content