Vulnerabilities News, Articles and Updates

Oracle issues emergency patch for JoltandBleed bug in Tuxedo middleware

Oracle Corporation issued an emergency patch on Tuesday, fixing critical vulnerabilities affecting the Jolt server within Oracle Tuxedo that could be exploited over a network with no valid username or password credentials.

Disclose or exploit? White House reveals process for flaw disclosure

The process is intended to improve transparency, represent the interests of a multitude of stakeholders, and establish accountability both of the process and its operators.

Microsoft Patch Tuesday: 20 critical issues addressed

Microsoft's November Patch Tuesday rollout included patches for 53 flaws, 20 rated critical, spread across a variety of products, including Edge, Internet Explorer, Windows and Office.

Adobe Patch Tuesday: 62 vulnerabilities for Reader/Acrobat, 5 critical for Flash Player

Adobe's November Patch Tuesday offering included 83 patches, including fixes for five critical-rated issues in Flash Player. Reader and Acrobat, by themselves, generated more than five dozen CVEs.

Researchers create mask that defeats iPhone Face ID feature

Barely one week after the highly anticipated launch of Apple's new iPhone X, security researchers are claiming they were able to defeat its Face ID facial recognition security feature using a carefully crafted mask worth approximately $150.

TERA video game patched after report of RCE bug in chat feature

Game developer Bluehole, Inc. issued a hotfix for its popular title TERA this weekend, following the circulation of a report revealing that the MMORPG's HTML-based chat function could be abused to spread malware.

Estonia suspends 760,000 national ID cards found prone to encryption vulnerability

Estonia on Friday blocked the certificates of 760,000 national ID cards in response to a cryptographic vulnerability that researchers have since found to be even more dangerous than originally reported.

Researchers find multiple malware families leveraging InPage exploit

An exploit for a vulnerability in the InPage word processor was used as an attack vector by three malware families.

Developers skeptical of app security, survey finds

Just under a third, or 31 percent, of respondents in a survey by NodeSource and Sqreen are confident that their code is free of vulnerabilities.

Cisco patches 16 vulnerabilities to kick off November

Cisco Systems on Wednesday issued patches for 16 different product vulnerabilities, half of which are rated high impact.

Hack-It Ralph? Circle with Disney parental filter filled with exploitable flaws

A Disney-branded internet filter was patched automatically after Cisco Talos researchers discovered multiple vulnerabilities that could have exposed its users to attack.

Google fixes three flaws that could have compromised its bug tracker service

A private website Google used to track bugs in its own products was discovered to have its own set of flaws that could have exposed sensitive vulnerability reports.

RIG EK used to spread Matrix ransomware via malvertising

Matrix ransomware is now being distributed via the RIG exploit kit on various sites displaying malvertising.

Apache OpenOffice patches four vulnerabilities in 4.1.4 update

Apache OpenOffice patched four medium-severity vulnerabilities in the suite's word processing and graphics apps.

Kaspersky transparency initiative to share code, updates to build trust

In the first phase of the transparency initiative, Kaspersky Lab plans to start an independent review of its source code and an assessment of its secure development lifecycle processes.

Study finds 25 percent of financial service employee mobile devices unpatched

A recent Symantec report found 25 percent of financial service employee mobile devices have unpatched vulnerabilities.

Research: U.S. slower than China at recording bugs in national vulnerability database

China's National Vulnerability Database (CNNVD) is much faster than its U.S. counterpart when it comes to reporting the latest confirmed product vulnerabilities, according to newly published research from Recorded Future.

#WatchOut for your kids! Smartwatches plagued with flaws

The Norwegian Consumer Council and Mnemonic researchers are warning consumers about the dangers of poorly secured smartwatches marketed to children.

Google Play bug bounty program aims to make Android apps safer

The program represents the first time top Android app developers are being asked to establish public-facing vulnerability disclosure programs on the HackerOne platform, with Google Play picking up the tab for bonus bounties.

Cisco remedies critical unauthorized access bug in Cloud Services Platform

Cisco on Wednesday issued a security update to repair a critical unauthorized access vulnerability in its Cloud Services Platform (CSP) 2100.

Oracle patches 252 bugs, as researchers note increase in E-Business Suite and PeopleSoft flaws

Oracle Corporation released its quarterly Critical Patch Update on Tuesday, issuing fixes for 252 vulnerabilities, including extremely severe bugs found in the company's Hospitality Applications, Siebel CRM solution, and PeopleSoft HR software.

Microsoft secret vulnerabilities database breached in 2013

The database was populated with information on critical flaws in the company's software, many of them unfixed at the time, that would have been of great value to attackers.

APT group's active exploit of Flash bug prompts emergency Adobe patch

Adobe Systems on Monday issued an emergency patch for a zero-day Flash Player vulnerability, after an APT group was discovered actively exploiting the bug as a means to infect machines with FinSpy surveillance malware.

Campaign leverages two malicious docs and RCE vulnerability to spread Orcus RAT

A malicious Microsoft Word document, discovered making the rounds via email, infects victims with the Orcus RAT remote administration tool by automatically downloading a secondary document that carries an RCE exploit.

Equifax takes down consumer webpage to probe possible second breach

Security Analyst Randy Abrams discovered evidence of a second breach, just a month after the company said the data on 145.5 million U.S. consumers had been exposed when attackers exploited a vulnerability in Apache Struts.

Mozilla patches three critical issues in Thunderbird and Firefox

Mozilla issued a security update stating that the newly released Thunderbird 52.4, Firefox 56 and Firefox ESR 52.4 patch 10 vulnerabilities, two rated critical, five high and three moderate, found in earlier iterations of the software.