China CERT: We Missed Report On SCADA Hole

China’s Computer Emergency Response Team (CERT) admitted that it missed a September e-mail message from a researcher at NSS Labs that pointed out a critical vulnerability in a commonly used SCADA (Supervisory Control And Data Acquisition) software package. The lapse resulted in a gap of almost four months before the hole was patched.

Google Picasa Heap Overflow Hole Closed

Secunia reports a hole in Google’s Picasa image management and editing software that allows attackers to compromise Windows using specially crafted JPEG images to provoke an integer overflow in the PicasaPhotoViewer.exe file, which can then be exploited to cause a heap overflow. Google closed the hole in the recently released Picasa 3.6 build
105.41, although Google’s release notes say nothing about a fix. Read the full article. [The H Security]

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.