Vulnerabilities News, Articles and Updates

Cisco issues patches for flaws stockpiled by CIA, exposed by WikiLeaks

Cisco has issued a critical advisory on a number of security updates to address vulnerabilities in more than 300 of its switch models, some of which were detailed in Vault7, a recent dump from WikiLeaks.

Libpurple vulnerability leads to remote code execution

Kaspersky Labs has disclosed a vulnerability in libpurple that, if exploited, could allow remote code execution.

Website hacks up by a third in 2016, Google

Looking at the State of Website Security in 2016, researchers at Google have detected a sharp rise in the number of hacked sites.

Flaw in McDonald's mobile app in India delivers not so tasty options

A flaw in a mobile app is leading to some unappetizing offerings for McDonald's customers in India.

Adobe patches Flash Player, Shockwave vulnerabilities

Although Adobe has not observed exploitation of the vulnerabilities in the wild, the Flash Player update is considered priority one.

Cisco patches several tools

Cisco released patches to address vulnerabilities impacting several of its products.

Association of British Travel Agents web server breach impacts 43,000 individuals

The Association of British Travel Agents has suffered a data breach affecting approximately 43,000 individuals after an unauthorized intruder exploited a vulnerability in a third-party web server, the trade organization acknowledged.

Apache Struts vulnerability being exploited by attackers

Starting last Thursday (9 March 2017), AlienVault has seen a high number of attackers trying to exploit this vulnerability and recommends patching as soon as possible.

Researchers hack Fitbits and other IoT devices using sound

A group of researchers from the University of Michigan and the University of South Carolina was able to develop a series of attacks that manipulate devices using sound.

Old iOS vulnerability spotted in Nintendo Switch browser

A researcher has already found an old vulnerability in the Nintendo Switch which could allow remote attackers to execute arbitrary code.

FBI, CIA launch probe into WikiLeaks; Apple, Google assure zero-day fixes

The information released has yet to be verified but revealed multiple zero days that Apple and Google said are being fixed.

To disclose or not to disclose, RAND study weighs 0-day options

One premise of a RAND study into zero-day vulnerabilities is that they are useful in cyber operations, whether by criminals, militaries or governments.

Vulnerability in Apache Struts active in the wild

A new vulnerability in Apache's open-source Struts project has been spotted being exploited in the wild, allowing remote code execution.

Flash Seats ticketing app users could get scalped by a MITM attack

The Flash Seats Mobile App for iOS, a sports and entertainment ticket management app, is vulnerable to man-in-the-middle attacks due to improper validation of SSL certificates provided by HTTPS connections.

Nearly two-thirds of polled organizations hit by ransomware, CyberEdge report

Sixty-one percent of organizations polled in a survey from CyberEdge Group responded that they'd been hit by a ransomware demand; a third of those paid the ransom.

Upgrade to v4.7.3, WordPress users advised

Six bugs in WordPress were patched that could have opened the platform to exploitation by bad actors.

vBulletin exploited to display malvertising, Sucuri report

"A troublesome situation" has arisen for users of vBulletin.

The retail industry steps up the fight against cyber-threats

The British Retail Consortium releases practical guidance for British retail businesses to ensure they have the appropriate preventative and response measures in place to reduce their vulnerabilities and to protect both themselves and their customers.

Office 365 bug bounty maximum prize $30,000 until May 1

The Microsoft Online Services Bug Bounty program has doubled the maximum payment for vulnerabilities found on the company's Microsoft Office 365 Portal and Microsoft Exchange Online.

HackerOne offering free bug bounty coordination

HackerOne will provide its HackerOne Pro platform free of charge to open source projects for vulnerability submission, coordination and bug bounties.

Third party develops temporary patch for Microsoft flaw that Google disclosed

Security research firm ACROS Security has issued a third-party patch for a Microsoft vulnerability that Google disclosed last month after Microsoft failed to issue a patch within Google's imposed 90-day deadline.

Proton RAT malware not a positive development for Mac users

Questions continue to swirl around a mysterious Mac-based remote-access trojan (RAT) malware program called Proton, which Apple addressed in a recent update to its anti-malware program XProtect.

DNS-based malware detected, Cisco report

Researchers at Talos released findings of their investigation into a curious piece of malware that went to great lengths to disguise its origins.

Google pumps up Chrome security for macOS

Users of Apple's macOS system will soon begin to see more warnings as they browse or attempt to download files.

Talos flags flaw in Cisco's Smart Install clients

Cisco Talos issued a warning that attackers are using a publicly available tool to scan customer systems searching for Cisco Smart Install clients to leverage a known flaw to remove files or enable remote code execution.

Iceni Argus patches six remote code execution bugs

The Cisco Talos research team has spotted multiple remote code execution vulnerabilities in the Iceni Argus PDF content extraction product.

Bugs detected in Siemens RUGGEDCOM NMS line

Two flaws have been detected in Siemens' RUGGEDCOM NMS line of network management tools that could open the equipment up to remote exploitation.

Zscaler fixes XSS vulnerability in admin portal affecting co-workers

Cloud security vendor fixes cross-site scripting bug, downplays the threat, says it would only affect co-workers.