Vulnerabilities News, Articles and Updates

Oath rolls out unified bug bounty program

The unified program's kick-off at a live nine-hour hacking event with 40 researchers last weekend in San Francisco resulted in more than $400,000 being paid out.

AMD Processors address Spectre vulnerabilities

AMD announced the release of processor security updates addressing the Spectre Variant 2 vulnerability for Microsoft Windows users.

SirenJack flaw exposes problems in emergency alert system

Security researchers have found a flaw in the emergency alert warning siren system used by many local authorities that could allow hackers to sound the sirens, research finds.

Adobe Patch Tuesday includes ColdFusion updates

Adobe's April 10, 2018 Patch Tuesday addressed 14 security issues including 6 in Flash Player.

GAO report recommends stronger security controls for third parties that receive Medicare beneficiary data

The U.S. Government Accountability Office (GAO) last week publicly released a report warning that the Centers for Medicare and Medicaid Services (CMS) has failed to provide specific security controls guidance to research organizations with whom it shares Medicare beneficiary data.

Microsoft adds ransomware protection, recovery tools to Office 365

Microsoft has rolled out a series of new tools to protect its Office 365 Home and 365 Personal customers from a variety of cyberthreats, including ransomware.

Intel urges users to delete remote keyboard app, halts Spectre fixes on older chips

Intel is instructing users of its remote keyboard app to delete it after a critical flaw was found, and the firm is halting Spectre fixes on older chips.

Natus reportedly updates EEG device software to squash RCE, DoS bugs

Health care device manufacturer Natus Medical Incorporated has reportedly updated the software used in its Xltek EEG products, which monitor brain activity, after a researcher discovered five vulnerabilities that a remote, unauthenticated attacker could exploit to trigger code execution or a denial of service condition.

Microsoft pushes update for critical RCE bug in Malware Protection Engine

Microsoft Corporation on Tuesday announced an emergency patch for a memory corruption vulnerability in its Microsoft Malware Protection Engine (MMPE) that remote attackers can exploit to execute arbitrary code in the security context of the highly privileged LocalSystem account.

Newest Apple releases squash bugs in iOS, macOS, Safari, various apps

Apple addressed a bevy of security bugs late last week, after issuing updated versions of its current operating systems, Safari browser and other core products, as well as security enhancements for two older OS offerings.

7 common flaws that keep security managers up at night

With all the focus on high-profile malware cases, it's vulnerabilities in Word docs, PostScript printers and IoT devices that can really drive you crazy.

Drupal issues patches for highly critical vulnerability

Drupal has issued an alert for users to patch a highly critical remote code execution vulnerability within multiple subsystems of Drupal 7.x and 8.x.

7 points CEOs need to know about Spectre and Meltdown

Use these talking points to get your top management up-to-speed on the disturbing chip design flaw.

Github announces 4 million vulnerabilities patched in half a million repositories

Github announced the discovery of more than 4 million vulnerabilities in more than half a million repositories.

Drupal advises users to be on the lookout for highly critical release

Drupal is calling on its users to be on standby for the announcement of a highly critical release on March 28 that will address issues in Drupal 7 and 8.

Hackers exploit old flaw to turn Linux servers into cryptocurrency miners

The malicious actors who installed and ran a cryptocurrency mining operation on hacked Tesla AWS servers and Jenkins servers are now targeting servers running Linux and have so far generated more than $74,000 in Monero.

Citrix doles out hotfixes for host compromise and DoS bugs in XenServer

Citrix Systems on Wednesday issued hotfixes for its XenServer hypervisor product, fixing vulnerabilities that attackers could exploit to remotely compromise a host or cause a denial of service condition.

Binge watching and bug watching: Netflix launches public bug bounty program

Digital entertainment powerhouse Netflix officially launched a public bug bounty program on Wednesday, offering vulnerability hunters anywhere from $100 to $15,000 per discovery.

AMD addresses critical vulnerabilities with pending update, says flaws not as severe

Advanced Micro Devices (AMD) will release firmware patches and a BIOS update in the coming weeks to fix chipset vulnerabilities.

15-year-old finds vulnerability in Ledger cryptowallets

A 15-year-old security researcher discovered a serious flaw in Ledger cryptocurrency wallets.

Microsoft launches $250,000 bug bounty for Spectre/Meltdown-like flaws

Microsoft has kicked off a bug bounty program that could bring in between $25,000 and $250,000 to anyone able to find vulnerabilities similar to the now infamous Spectre and Meltdown.

Deflating news: Bouncy Castle BKS-V1 keystore files not adequately protected

The BKS version 1 keystore files for Bouncy Castle, a collection of cryptographic APIs for C# and Java applications, reportedly contain a weak hash-based message authentication code (HMAC) that can be cracked by hackers in seconds using hash collision attacks.

Pwn2Own competition flushes out five Apple bugs, four Microsoft flaws

Independent researchers collected $267,000 in bug purchases this week at the annual Pwn2Own contest at CanSecWest in Vancouver, after demonstrating vulnerability exploits in Apple (5 bugs), Microsoft (4), Oracle (2), and Mozilla software (1).

Intel redesigns chips to address Spectre and Meltdown vulnerabilities

Intel is redesigning its chips in order to combat Spectre and Meltdown attacks, also known as Project Zero Variant 1, 2, and 3.

Patch Tuesday: Microsoft patches Remote Desktop Protocol exploit

This month's Microsoft Patch Tuesday included more than 70 patches, 15 of which were marked as critical.