Vulnerabilities News, Articles and Updates

Struts and Shadow Brokers exploits among the 299 fixed by Oracle patch

April 19 may now be known as Oracle Patch Day with the company issuing and record 299 critical security fixes, including several that patch issues that can be exploited by some of the leaked NSA tools.

Microsoft's Patch Tuesday new Security Update Guide gets mixed reviews

Microsoft's April Patch Tuesday finally revealed the company's new approach in rolling out and informing the industry on the security updates for the month and at best has received mixed reviews from industry insiders.

CERT/CC issues vulnerability advisory for 'Equation Group' exploit targeting IBM Lotus Domino

The CERT Coordination Center has issued an advisory for a vulnerability in IBM Domino servers that has apparently been exploited by a technique referenced in the Shadow Brokers' latest unauthorized release of alleged NSA hacking tools.

VMware security update patches RCE flaw

VMware released security updates to contend with a vulnerability in vCenter Server.

New social media site Mastodon potential cybersecurity tar pit

A new social network named Mastodon popped up a few months ago that is designed to deliver a decentralized, open-source experience, but its unique structure may make its members vulnerable to cyberattacks.

Hackers attacking WordPress sites via home routers

hackers are launching coordinated brute-force attacks on the administration panels of WordPress sites via unsecured home routers.

Attackers Strut Their Stuff, exploiting Apache Struts 2 framework to serve ransomware

Bad actors have been leveraging a disclosed remote code execution exploit in Apache Struts 2 to launch an evolving array of malicious campaigns, including Cerber ransomware attacks, against machines that still use unpatched versions of the software.

Broadcom patches chipset flaws that enable remote code execution on Android and ioS devices

A Google Project Zero researcher has detailed a series of vulnerabilities in Broadcom's Wi-Fi chipsets that could potentially allow remote code execution on Android and iOS devices.

Cisco releases patches for several products

On Thursday, Cisco released a number of patches to mitigate exposures affecting several products.

Patches issued for Java flaws

A number of Java implementations of AMF3 are susceptible to insecure deserialization and XML external entities reference, according to an advisory from CERT.

Google bug bounty contest ends without a winner... or even a single valid entry

Google's Project Zero Prize ironically lived up to its name when the company announced last week that not a single researcher submitted a valid entry to the company's bug bounty contest.

Samsung Tizen OS found to contain over 40 zero-day vulnerabilities

Samsung's smart device operating system, Tizen - designed to replace Google's Android OS - is the "worst code" ever seen, says security researcher.

Islamic State site hacked to spread malware

Amaq, a media channel used by the Islamic State, was hacked and was distributing malware via a Flash Installer.

Five security issues addressed with Chrome update

Google issued an update to address five bugs in its Chrome browser that, if exploited, could enable remote attackers to gain control of an affected system.

Google researcher spots second critical bug in LastPass

For the second time in two weeks, Google researcher Tavis Ormandy has discovered a critical vulnerability in LastPass.

Apple patches bugs, reportedly reconfigures iOS to stifle pop-up scam

Apple on Monday released security updates for multiple products, and in the process also reconfigured iOS to address a pop-up issue that scammers were abusing to lock users out of their Safari mobile browsers in an attempt to extort money.

iTunes 12.6 addresses 17 vulnerabilities apiece in macOS and Windows devices

Apple last week updated its iTunes software to version 12.6 for its macOS products as well as Windows devices, in both cases fixing the same 17 vulnerabilities.

Teenage Israeli cybercriminals close to indictment, report

Police in several countries are wrapping up investigations of two 18-year-old Israelis suspected of causing $1.6 million in damages from hawking software intended to crash websites.

FBI Director Comey advocates for weakening of security

FBI director James Comey advocated for an easing of security mechanisms so that law enforcement worldwide would have an easier time snooping on encrypted communications.

Microsoft tool exploit DoubleAgent can turn antivirus software into your worst enemy

Researchers from Cybellum have discovered a 15-year-old code injection vulnerability and exploit technique that could allow attackers to maliciously take over antivirus programs and other software by abusing Microsoft's Windows Application Verifier debugging tool.

Hack of ABC's Twitter account hails Trump

The Twitter accounts of Good Morning America, GMA Pop News and ABC News were hacked on Thursday with a series of posts being added, including two praising Donald Trump.

Cisco issues patches for flaws stockpiled by CIA, exposed by WikiLeaks

Cisco has issued a critical advisory on a number of security updates to address vulnerabilities in more than 300 of its switch models, some of which were detailed in Vault7, a recent dump from WikiLeaks.

Libpurple vulnerability leads to remote code execution

Kaspersky Labs has disclosed a vulnerability in libpurple that if exploited could allow remote code execution.