Mike Mimoso and Chris Brook discuss the news of the week, including Pwn2Own 2017, Microsoft’s silence around February’s Patch Tuesday, and a nasty SAP bug.
Tag Archives: Web Security
Hackers Take Down Reader, Safari, Edge, Ubuntu Linux at Pwn2Own 2017
On the first day of Pwn2Own 2017 hackers poked holes in Adobe Reader, Apple Safari, Microsoft Edge, and Ubuntu Linux.
WhatsApp, Telegram Vulnerabilities Exposed Users to Account Takeover
WhatsApp and Telegram patched vulnerabilities in the last week that could have let an attacker take over a user’s account.
Where Have All The Exploit Kits Gone?
For a long time, exploit kits were the most prolific malware distribution vehicle available to attackers. Where did they go and what’s replaced them?
Adobe Fixes Six Code Execution Bugs in Flash
Adobe fixed seven vulnerabilities, six that could lead to code execution, in Flash Player on Tuesday.
WordPress REST API Bug Could Be Used in Stored XSS Attacks
The recently patched REST API Endpoint vulnerability in WordPress could be leveraged to pull off stored cross-site scripting attacks.
Google Chrome 57 Browser Update Patches ‘High’ Severity Flaws
Google paid out $38,000 in bounty rewards tied to flaws it fixed with a Chrome 57 browser update.
Apache Attack Traffic Dropping, Limited to Few Sources
While probes looking for vulnerable Apache Struts 2 deployments continue, malicious traffic has tapered off, researchers at Rapid7 said.
Zero Days Have Staying Power
A look at 200 zero day vulnerabilities reveals key details on longevity, value and how long it takes to create one after a software vulnerability has been identified.
Attacks Heating Up Against Apache Struts 2 Vulnerability
Apache administrators are urged to immediately upgrade the Struts 2 web application framework to address a remote code execution flaw under public attack.