Microsoft Windows Bluetooth Driver CVE-2017-8628 Man in the Middle Spoofing Vulnerability
Type: Vulnerability. Microsoft Windows is prone to a security vulnerability that may allow attackers to conduct spoofing attacks; fixes are available. more…Microsoft Windows PDF CVE-2017-8728 Remote Code Execution Vulnerability
Type: Vulnerability. Microsoft Windows is prone to a remote code-execution vulnerability; fixes are available. more…"Toast" Vulnerability in Android Allowed for New Overlay Attacks
One of the 81 vulnerabilities addressed in the September 2017 Android security bulletin was a High risk issue that could be exploited to launch a new type of overlay attacks, Palo Alto Networks reveals. read more more…Equifax says website vulnerability exposed 143 million US consumers
Equifax, one of the largest credit bureaus in the U.S., said on Thursday that an application vulnerability on one of their websites led to a data breach that exposed about 143 million consumers. The breach was discovered on July 29, but the company says that it likely started in mid-May. “Criminals exploited a U.S. website […] more…CVE-2017-0780: Denial-of-Service Vulnerability can Crash Android Messages App
by Jason Gu and Seven Shen Just about anyone can appreciate a good old meme GIF every now and then, but what if one caused your Android Messages to crash? A denial-of-service vulnerability we recently disclosed to Google can do exactly that and more. Designated as CVE-2017-0780, we’ve confirmed it to be in the latest […] more…Apache Struts “serialisation” vulnerability – what you need to know
A bug in Apache Struts, a popular software toolkit for building web services, could let crooks take control of your server. more…Voting vulnerability
Online attackers may be able to purchase — for as little as a few thousand dollars — enough personal information to potentially alter voter registration information in as many as 36 states and the District of Columbia. Dubbed ‘voter identity theft,’ the vulnerability could be exploited by attackers to disenfranchise many voters where voter registration […] more…Exploit Available for Critical Apache Struts Vulnerability
The latest version of Apache Struts 2 addresses several vulnerabilities, including a critical remote code execution flaw for which an exploit was created within hours after the release of a patch. read more more…Unpatched Code Execution Vulnerability Affects LabVIEW
Cisco Talos security researchers have discovered a code execution vulnerability in National Instruments’ LabVIEW system design and development platform. The LabVIEW engineering software is used in applications that require test, measurement, and control functions. read more more…Researcher Releases Fully Working Exploit Code for iOS Kernel Vulnerability
Adam Donenfeld, a researcher with mobile security firm Zimperium, has published today proof-of-concept code for zIVA — a kernel exploit that affects iOS 10.3.1 and previous versions. The zIVA exploit code allows an attacker to gain arbitrary RW (Read Write) and root access. Apple has addressed the eight vulnerabilities at the heart of this exploit […] more…Patching Against the Next WannaCry Vulnerability (CVE-2017-8620)
This month’s Microsoft patch updates include one particular vulnerability that is raising concerns: CVE-2017-8620, which affects all versions of Windows from 7 onwards. Microsoft explained, “in an enterprise scenario, a remote unauthenticated attacker could remotely trigger the vulnerability through an SMB connection and then take control of a target computer.” read more more…DJI scrambles to fix drone ‘cyber vulnerability,’ adds offline data mode for security
Chinese drone maker DJI is rolling out a new “local data mode” in an effort to bulk up the security of its hardware in the wake of a US Army memo that claims DJI’s products contain unspecified vulnerabilities. In the memo, officials from the US Navy and US Army Research Lab advised the discontinuation of […] more…VMware Patches ‘Hard-to-Exploit’ DoS Vulnerability
An update released by VMware for its NSX-V network virtualization solution patches an important denial-of-service (DoS) vulnerability. The security hole, tracked as CVE-2017-4920, exists in the OSPF protocol implementation in NSX-V due to it not handling link-state advertisement (LSA) correctly. read more more…Vulnerability in F2FS File System Leads To Memory Corruption on Android, Linux
August’s Android Security Bulletin includes three file system vulnerabilities (CVE-2017-10663, CVE-2017-10662, and CVE-2017-0750) that were discovered by Trend Micro researchers. These vulnerabilities could cause memory corruption on the affected devices, leading to code execution in the kernel context. This would allow for more data to be accessed and controlled by the malware. A malicious app could be used […] more…Microsoft Windows Hyper-V CVE-2017-8664 Remote Code Execution Vulnerability
Type: Vulnerability. Microsoft Windows is prone to a remote code-execution vulnerability; fixes are available. more…Microsoft Edge CVE-2017-8652 Information Disclosure Vulnerability
Type: Vulnerability. Microsoft Edge is prone to an information disclosure vulnerability; fixes are available. more…More information
- How a cryptocurrency-destroying bug almost didn’t get reported
- State-Affiliated Hackers Responsible for Nearly 1 in 5 External Data Breaches: Verizon DBIR
- Are You Still on the Fence About a Family VPN?
- FBI’s Shawn Henry says US is outgunned in hacker war
- U.S. House votes to extend surveillance under FISA
- Kim Dotcom’s New Domain Me.ga Seized before its launch
- Want a good tech job? Report says open-source skills are hotter than ever
- Resolved: Network maintenance to impact VM Hosting Service on 8/17/16
- Update: TSM Server Upgrade of saverestore.its.psu.edu Scheduled for April 12, 2017
- UK, US, Canada Accuse Russia of Hacking Virus Vaccine Trials