Dennis Fisher and Mike Mimoso talk about the VENOM vulnerability, the idea of marketing bugs, Microsoft’s new Edge browser security features and the awesome CSI: Cyber finale.
Browsing Tag: vulnerabilities
Mozilla has fixed 13 security flaws in Firefox 38, including five critical vulnerabilities. The new version of the browser also includes a feature that enables the use of DRM-enabled video content in Firefox, a decision that comes with some controversy. DRM (digital rights management), the generic name for technologies that are used to restrict the[…]
For many years now, the browser has been the most dangerous piece of software on most users’ machines. Attackers love to target browsers and a remote code execution bug in a major browser is gold for them. The browser vendors have been making gradual changes to better protect users in recent years, and now Microsoft[…]
Two vulnerabilities in two different WordPress plugins – an Arbitrary Variable Overwrite vulnerability in eShop, and an XSS vulnerability in Jetpack – were identified this week.
Hospira’s Lifecare PCA3 Drug Infusion pumps are susceptible to multiple remotely exploitable vulnerabilities that could not only brick the device but allow an attacker to run commands and put lives in jeopardy.
Buffer and integer overflow vulnerabilities have been patched in the ICU Project ICU4C library, used in hundreds of open source and enterprise software packages.
For the second time in less than a week, Google has updated its Password Alert extension for Chrome to address a method for bypassing the warning screens that alert users that they’re entering data on a non-Google site.
Researchers have identified a serious vulnerability in some versions of Oracle’s MySQL database product that allows an attacker to strip SSL/TLS connections of their security wrapping transparently. The vulnerability is the result of the way that an option in MySQL handles requests for secure connections. Researchers at Duo Security discovered the bug after noticing some[…]
The manufacturer of a popular projector found primarily in classrooms is neglecting to address several authentication bugs that exist in the device that could open it up to hacks.
Siemens has released an update for some of its ICS products that are affected but the glibc Ghost vulnerability that was disclosed in January. The vulnerability affected both the Siemens Sinumerik and Simatic HMI Basic applications, which are used in a variety of industrial situations. “The affected products, SINUMERIK, SIMATIC HMI Basic, and Ruggedcom, are used as an[…]