Vulnerabilities News, Articles and Updates

Blender 3D open source platform plagued with arbitrary code vulnerabilities

Cisco Talos researchers identified multiple unpatched vulnerabilities in the Blender Open Source 3D creation suite that could allow an attacker to run arbitrary code.

Facebook bug bounty program paid out $880K in 2017

The 2017 number brings the total payout for the six-year program to $6.3 million.

Researchers find 147 vulnerabilities in 34 SCADA mobile applications

Researchers released a whitepaper outlining 147 vulnerabilities in 34 mobile applications used in tandem with Supervisory Control and Data Acquisition (SCADA) systems.

Researchers: Security of messaging apps breaks down during group chats

Academic researchers have reported vulnerabilities in the group communication protocols of three encrypted messaging apps -- WhatsApp, Signal, and Threema -- that could allow attackers to willfully subvert their integrity and confidentiality.

Malicious websites can steal from vulnerable Electrum cryptocurrency wallets

The popular Bitcoin client Electrum has developed a patch for a critical vulnerability that allows malicious websites to steal from digital wallets that are not password-protected.

Intel's Krzanich sold $39 million in stock before chip flaws disclosed

Intel CEO Brian Krzanich's sale of Intel stock in November before security flaws in the chip became public is raising some eyebrows among regulatory and legal officials.

Privacy of location tracking device owners threatened by 'Trackmageddon' flaws

A slew of online services used to manage GPS- and GSM-based location tracking devices have been found vulnerable to flaws that could allow attackers to hijack these devices and reveal their owners' past and current locations.

VMware repairs three critical bugs in vSphere Data Protection

VMware issued patches on Wednesday for a trio of critical vulnerabilities in its vSphere Data Protection disk-based backup and recovery solution.

Mozilla patches one critical, two high flaws in Thunderbird

Mozilla issued a series of security updates for Thunderbird 52.5.2 that includes a critically rated buffer overflow issue that could lead to a crash if exploited.

Microsoft bug CVE-2017-11882 exploited to deliver Loki information stealer

Attackers continue to exploit a recently patched remote code execution vulnerability in the Microsoft Equation Editor component of Microsoft Office, this time using the bug to deliver a modified version of Loki information-stealing malware.

VMware fixes bugs in vCenter Service Appliance, three hypervisors

VMware on Tuesday patched a series of vulnerabilities in its ESXi, Workstation Pro, and Fusion hypervisors, as well as its vCenter Server Appliance.

Attackers exploit old WordPress to inject sites with code enabling site redirection, takeover

Attackers have exploited an old WordPress vulnerability to infect more than one thousand websites with malware capable of injecting malvertising and even creating a rogue admin user with full access privileges, according to researchers.

Top Google Play App Dune! leaks data and geolocates users

A top Google Play app was found to be leaking sensitive data and to contain several OWASP-category flaws.

Apple releases security updates in devices shortly after releasing another KRACK fix

Apple released security updates for its cellphones, set-top box and iCloud for Windows platform shortly after rolling out another patch for the KRACK exploits.

Apple addresses KRACK exploits in AirPort Base Station firmware

Apple has continued to roll out patches to fix the KRACK (Key Reinstallation AttaCKs) series of vulnerabilities, this time in its AirPort Base Station firmware.

Microsoft Patch Tuesday: 34 vulnerabilities, most browser-related

Microsoft's December Patch Tuesday release contained 34 vulnerabilities, 22 of them rated critical and affecting the company's browser products.

Two keyless entry door locks vulnerable to unauthenticated requests

A vulnerability found in two keyless entry door locks enables local attackers to lock and unlock doors.

HP fixes hidden, deactivated keylogger in 460 laptop models

HP said an attacker would need administrative privileges in order to take advantage of the vulnerability.

Researchers: Microsoft Office flaw exploited by suspected Iranian APT group

Researchers believe a suspected Iranian APT group is responsible for a recent cyber espionage operation that targeted a Middle Eastern government organization, using a recently patched remote code execution vulnerability in Microsoft Office as an attack vector.

Microsoft issues emergency fix for Malware Protection Engine flaw

The vulnerability impacts numerous Microsoft security offerings, including multiple versions of Microsoft Exchange, ForcePoint End Point Protector and Defender.

Mozilla patches two vulnerabilities, one rated critical

The Mozilla Foundation has fixed two security issues, one rated critical, in Firefox 57.0.2 and Firefox ESR 52.5.2.

Uber paid Florida hacker responsible for breach $100K through bug bounty program

Uber reportedly funneled the payment through the program, which is intended to encourage security researchers to find and disclose vulnerabilities and is hosted by HackerOne.

Google patches 37 security issues in Chrome

Google issued patches for 37 security issues in Chrome, with one being rated critical and six considered high risks, with the release of Chrome 63.0.3239.84.

Newly created tool spots TLS vulnerability in major banking and VPN apps

Eight banking apps and one VPN app were found to contain a hidden vulnerability in their TLS protections, which can be exploited to perform MITM attacks, according to academic researchers who created a new black-box tool capable of detecting the flaw.

MailSploit bugs let spoofed emails bypass DMARC, spam detectors

The spoofed emails are "virtually unstoppable," said the researcher who discovered the MailSploit vulnerabilities.