Vulnerabilities News, Articles and Updates

Samba patches remote code execution bug that researchers warn could have worldwide impact

The developers of the Samba suite of SMB/CIFS-based interoperability applications for *NIX machines issued an important patch on Wednesday, following the discovery of a remote code execution vulnerability.

Twitter flaw would have let users post tweets to any account

A researcher going by the moniker Kedrisch spotted a Twitter vulnerability which would've allowed a user to post tweets from any user's account.

Patched Verizon Messaging XSS bug allows for complete takeover of service

In a personal blog post published on Sunday, a security researcher provided details of a cross-site scripting vulnerability he discovered in the Verizon Messages SMS texting service, which was patched late in 2016.

Orgs overwhelmed by vulnerabilities, alerts, report says

Some of the pressure came from having smaller budgets and teams, though the research found that "having a lot of money is not always a good thing."

Pair of Artifex MuPDF memory corruption vulnerabilities patched

If exploited, both could lead to arbitrary code execution, the company reported.

40 Asus routers affected by five vulnerabilities

Researchers at Nightwatch Cybersecurity spotted nearly 40 Asus RT routers with five vulnerabilities.

Flaw in S. Korean word processor Hangul enabling arbitrary code attacks, Talos

A flaw in a popular word processing program in South Korea is opening the door for malicious attackers to deliver arbitrary code to victims' computers.

OSS-Fuzz uncovered more than 1K bugs, 264 could be security vulnerabilities

Google also announced that its Patch Rewards program going forward would "include rewards for the integration of fuzz targets into OSS-Fuzz."

Intel posts security bulletins, Cisco examines PowerISO flaw

Intel issued a critical firmware update that impacts several of its product families, and Cisco Talos dug into a pair of vulnerabilities impacting Power Software's PowerISO disk managing software.

Intel AMT chip bug suspected backdoor, but likely coding error

Some researchers accused the vulnerability of being a backdoor; others are less skeptical.

Joomla! patches XSS vulnerabilities

Joomla! recently patched two cross-site scripting vulnerabilities that, if left unrepaired, could give a malicious actor higher permissions, possibly allowing the targeted site to be taken over.

Hackers plunder bank accounts via SS7 TFA flaw - risk known 'for years'

O2 has admitted that thieves exploited flaws in SS7 to steal money from victims' bank accounts.

Google issues May Android security bulletin

Google has released its May security updates for Android including a laundry list of critically rated issues along with updates for its Nexus and Pixel smartphones.

UPDATE: Intel warns of longstanding critical vulnerability in firmware

Intel issued an advisory on Monday warning of a critical escalation of privilege vulnerability in its firmware that can enable attackers to seize control of its products' manageability features.

Yahoo awards $7K for Flickr account takeover flaw

Yahoo awarded a $7,000 bug bounty to a researcher who spotted three bugs that could be leveraged to take over a Flickr account.

Flaw detected in Randombit Botan library, Talos

Security researchers at Talos have uncovered a flaw in the Randombit Botan library.

IrfanView plug-in updated to fix arbitrary code execution flaw

The jpeg2000 (JP2) plug-in for the Windows-based image viewing and editing application IrfanView has been updated to address a vulnerability that can lead to arbitrary code execution, Cisco's Talos division has reported.

Hack the Air Force revs up May 15

While details on the bounties have not been released yet, the initiative will start May 15 and run from May 30 until June 23.

Microsoft bug linked to spy campaigns, bank thefts reportedly took 6 months to fix

A zero-day bug in Microsoft Office and WordPad that hackers exploited to spy on targeted users, implant malware, and steal banking credentials took nine months to fix, according to news reports.

Hot & Cold: Adobe applies hotfixes to ColdFusion to help prevent XSS exploit

Adobe Systems on Tuesday issued a series of hotfixes that addresses an input validation flaw in multiple versions of its ColdFusion web application development platform.

Flaw in Portrait Displays SDK apps enables RCE

A bug causes applications developed using the Portrait Display SDK to default to insecure configurations, enabling arbitrary code execution.

Researcher pwns Charles Darwin to demonstrate Microsoft Edge exploit

Even Charles Darwin couldn't protect his Twitter account from being hijacked after a researcher stole his cookies and passwords by exploiting a reported universal cross-site scripting vulnerability in the Microsoft Edge browser.