Vulnerabilities News, Articles and Updates

Teen arrested for reporting bug in Budapest transit system

An 18-year-old Budapest man was arrested after reporting a security flaw in the city's public transportation system.

Two RCE, four DoS flaws found in FreeRDP

"The open source nature of the FreeRDP library means that it is integrated into many commercial remote desktop protocol applications," Talos researchers wrote in a blog post.

Killing video game characters enables remote code execution in Valve games

Video game developer Valve Corporation recently created a patch to fix a buffer overflow vulnerability in its Source SDK library that can allow for remote code execution on client and server devices.

Devil's Ivy bug patched after found in toolkit potentially used by millions of IoT devices

Researchers investigating a vulnerability in security cameras from Axis Communications ended up uncovering a far more wide-ranging threat when they discovered the flaw actually lies within a toolkit used by myriad IoT product developers.

Oracle patches 308 bugs, including high-risk arbitrary download flaw in E-Business Suite

Oracle has issued a critical patch update for July 2017, fixing 308 vulnerabilities across its product line.

FBI PSA says connected toys may present privacy risks to children

The agency encourages parents to do their due diligence into the cybersecurity of toys that connect to the internet both directly through Wi-Fi and indirectly via Bluetooth to a mobile device connected to the internet.

Cisco patches critical remote code execution flaw in WebEx browser extensions

Cisco on Monday released software updates to fix a critical remote code execution vulnerability in its WebEx browser extensions for both the Google Chrome and Mozilla Firefox browsers.

Elon Musk: biggest concern for autonomous vehicles is fleet hack

As automakers rush to bring autonomous vehicles to market, white hats continue to find vulnerabilities that could be exploited remotely.

Thousands of hosts still vulnerable to EternalBlue after WannaCry attacks

Two weeks after the EternalBlue exploit was used in the WannaCry ransomware attack, researchers found that 60,000 hosts were still vulnerable.

Uber patches authentication bypass flaw

Uber recently patched an authentication bypass vulnerability on its custom single sign-on solution.

SAP addresses high-priority POS server flaw on Patch Tuesday

SAP on Tuesday released a dozen security notes after developing patches for a series of vulnerabilities, including a high-priority flaw in its Point of Sale Retail Xpress Server that could expose the server to attackers.

Patch Tuesday: Adobe addresses three Flash Player vulnerabilities

Adobe issued a light Patch Tuesday bulletin today covering three vulnerabilities in Flash Player and three in Adobe Connect for Windows.

Google patches 138 vulnerabilities in Android, Nexus, Pixel

Google this week released its July 2017 security bulletin for the Android operating system and Nexus and Pixel devices, making patches available for all 138 vulnerabilities.

Cisco fixes seven bugs, including three critical vulnerabilities

Cisco on Thursday released security updates to fix multiple vulnerabilities - three critical in severity - in its Elastic Services Controller, Ultra Services Framework and Staging Server, and StarOS CLI products.

Trio of Lenovo Vibe vulnerabilities can lead to device rooting

Lenovo Vibe mobile phones running Android Lollipop and earlier versions contain three vulnerabilities that allow rooting of the device.

Four nabbed for tech support telephone scam

Four people have been arrested in the U.K. and charged with running a tech support scam posing as Microsoft technical support personnel.

Automotive and IoT companies paying handsomely as bug bounty rewards rise

The average bug bounty payout has jumped from $295 a little over a year ago to $451, as the automotive industry leads the way with an average payout of $1,514, according to Bugcrowd, a leading vulnerability disclosure platform provider.

Siemens patches critical vulnerabilities in infrastructure tech

German industrial manufacturing company Siemens patched a pair of vulnerabilities in its products.

Cisco fixes multiple product bugs to prevent malicious code execution, DoS conditions

Cisco has patched vulnerabilities in its Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM), Virtualized Packet Core - Distributed Instance (VPC-DI), and WebEx Network Recording Player products.

A quarter of enterprises worldwide affected by Wannacry or Fireball, Check Point report

The top three malware families in May affected a quarter of organizations worldwide, according to Check Point's latest Global Threat Impact Index.

'Doubleswitch' targeting activists via social media, Access Now report

The scourge is intended to silence journalists, activists and human rights defenders.

Acronis True Image develops patch, after utility software fails to update securely

The disk back-up utility software Acronis True Image is susceptible to arbitrary code execution attacks because it does not perform update operations securely, according to a new vulnerability advisory published on Monday.

Vault 7: WikiLeaks dumps reveal CIA's use of home router exploits

The latest WikiLeaks dump shows off the CIA's exploitation of vulnerabilities in internet routers.

Stack Clash exploits spotted in Linux, OpenBSD, NetBSD, FreeBSD and Solaris

Researchers spotted a Stack Clash vulnerability in several operating systems that can be used to corrupt memory and execute arbitrary code.

Samsung left millions at risk by not renewing domain, patches Magician

Samsung recently patched a flaw in Samsung Magician that could allow an attacker to execute arbitrary code, but a separate flaw may have left millions at risk because a domain was not renewed.

Security updates announced for Mozilla Thunderbird, Google Chrome, ISC's BIND

US-CERT on Thursday announced security updates to Mozilla Thunderbird, Google Chrome and the Internet Systems Consortium's BIND Domain Name System software.

Microsoft releases Patch Tuesday fixes, including WannaCry defense

Defenses to thwart the WannaCry malware have been embedded into the latest Patch Tuesday release from Microsoft.