A new version of OpenSSH has been released, fixing four security vulnerabilities and a number of non-security related bugs. OpenSSH 7.0 includes patches for a use-after-free vulnerability and three other flaws, two of which only affect Portable OpenSSH. The maintainers of the software also gave users notice that the next version of the software would[…]
Browsing Category: Vulnerabilities
Lenovo is under fire again for installing a covert utility on laptops and desktops that some users have compared to a rootkit. The issue stems from a utility called the Lenovo Service Engine, that is designed to collect some system information and send it to Lenovo at the time the machine connects to the Internet. But[…]
Facebook doubles the payout of its Internet Defense Prize with a $100,000 award to a team of Georgia Tech researchers for a new class of browser-based memory-corruption vulnerabilities and a corresponding detection technique.
Researchers have identified a handful of vulnerabilities present in three different plugins used by the content management system WordPress.
Cisco is warning enterprise customers about a spike in attacks in which hackers use valid credentials on IOS devices to log in as administrators and then upload malicious ROMMON images to take control of the devices. The ROM Monitor is the program that initializes the hardware and software on IOS devices, and an attacker who[…]
A vulnerability patched by Microsoft in the Windows Mount Manager is being exploited in targeted attacks.
Microsoft released a security bulletin for its new Edge browser, patching four critical vulnerabilities.
UPDATE–Oracle, never the most researcher-friendly software vendor, has taken its antagonism to another level after publishing a blog post by CSO Mary Ann Davidson that rails against reverse engineering and saying that the company has no need for researchers to look at Oracle’s code for vulnerabilities because “it’s our job to do that, we are[…]
Adobe has released a massive update for Flash, the application that has become the Internet’s problem child. The update contains patches for more than 30 vulnerabilities in Flash on Windows, OS X, and Linux. Adobe pushed out the fixes on Tuesday afternoon, the latest in a long series of fixes for Flash in the last[…]
Google has patched a severe Android serialization vulnerability that exposes more than half of devices to takeover.