Mike Mimoso and Chris Brook discuss the news of the week, including Pwn2Own 2017, Microsoft’s silence around February’s Patch Tuesday, and a nasty SAP bug.
Browsing Category: Web Security
On the first day of Pwn2Own 2017 hackers poked holes in Adobe Reader, Apple Safari, Microsoft Edge, and Ubuntu Linux.
WhatsApp and Telegram patched vulnerabilities in the last week that could have let an attacker take over a user’s account.
For a long time, exploit kits were the most prolific malware distribution vehicle available to attackers. Where did they go and what’s replaced them?
Adobe fixed seven vulnerabilities, six that could lead to code execution, in Flash Player on Tuesday.
The recently patched REST API Endpoint vulnerability in WordPress could be leveraged to pull off stored cross-site scripting attacks.
Google paid out $38,000 in bounty rewards tied to flaws it fixed with a Chrome 57 browser update.
While probes looking for vulnerable Apache Struts 2 deployments continue, malicious traffic has tapered off, researchers at Rapid7 said.
A look at 200 zero day vulnerabilities reveals key details on longevity, value and how long it takes to create one after a software vulnerability has been identified.
Apache administrators are urged to immediately upgrade the Struts 2 web application framework to address a remote code execution flaw under public attack.