Salesforce.com patched a cross-site scripting vulnerability on one of its domains that could have led to phishing attacks.
Tag Archives: Vulnerabilities
Zero Day in Android’s Google Admin App Can Bypass Sandbox
The Android security team at Google is having a busy month. First the Stagefright vulnerabilities surfaced last month just before Black Hat and now researchers at MWR Labs have released information on an unpatched vulnerability that allows an attacker to bypass the Android sandbox. The vulnerability lies in the way that the Google Admin application […]
OpenSSH 7.0 Fixes Four Flaws
A new version of OpenSSH has been released, fixing four security vulnerabilities and a number of non-security-related bugs. OpenSSH 7.0 includes patches for a use-after-free vulnerability and three other flaws, two of which only affect Portable OpenSSH. The maintainers of the software also gave users notice that the next version of the software would […]
Facebook Awards $100,000 for New Class of Vulnerabilities and Detection Tool
Facebook doubles the payout of its Internet Defense Prize with a $100,000 award to a team of Georgia Tech researchers for a new class of browser-based memory-corruption vulnerabilities and a corresponding detection technique.
Vulnerabilities Identified in Several WordPress Plugins
Researchers have identified a handful of vulnerabilities present in three different plugins used by the content management system WordPress.
Cisco Warns Customers About Attacks Installing Malicious IOS Bootstrap Images
Cisco is warning enterprise customers about a spike in attacks in which hackers use valid credentials on IOS devices to log in as administrators and then upload malicious ROMMON images to take control of the devices. The ROM Monitor is the program that initializes the hardware and software on IOS devices, and an attacker who […]
Microsoft Patches Critical Vulnerabilities in New Edge Browser
Microsoft released a security bulletin for its new Edge browser, patching four critical vulnerabilities.
Oracle CSO: You ‘Must Not Reverse Engineer Our Code’
UPDATE–Oracle, never the most researcher-friendly software vendor, has taken its antagonism to another level after publishing a blog post by CSO Mary Ann Davidson that rails against reverse engineering and says that the company has no need for researchers to look at Oracle’s code for vulnerabilities because “it’s our job to do that, we are […]
Huge Flash Update Patches More Than 30 Vulnerabilities
Adobe has released a massive update for Flash, the application that has become the Internet’s problem child. The update contains patches for more than 30 vulnerabilities in Flash on Windows, OS X, and Linux. Adobe pushed out the fixes on Tuesday afternoon, the latest in a long series of fixes for Flash in the last […]
Darkhotel APT Latest to Use Hacking Team Zero Day
The Darkhotel APT gang has extended its geographic reach to victims in a host of additional countries, and has added to its cache of zero days with its use of a HackingTeam exploit for a Flash zero-day vulnerability.