Microsoft patched a vulnerability in its graphics component present in Windows, Office and Lync that has been publicly attacked,
Tag Archives: Web Security
TLS Implementations Vulnerable to RSA Key Leaks
A number of TLS software implementations contain vulnerabilities that allow hackers with minimal computational expense to learn RSA keys.
Adobe Patches Two Shockwave Player Vulnerabilities
A new version of Adobe Shockwave Player patches two memory corruption vulnerabilities that could lead to remote code execution.
eBay Fixes XSS Flaw in Subdomain
There was a cross-site scripting vulnerability in an eBay domain that could have allowed an attacker to steal users’ session cookies and take over their accounts. The company has removed the vulnerable page, according to the researcher who discovered the bug and disclosed it to eBay, Aditya Sood. The vulnerability existed on an eBay subdomain, […]
Government Releases Policy on Vulnerability Discovery and Disclosure
After more than a year of legal wrangling, the federal government has agreed to hand over its policy on vulnerability use and disclosure. The government had said that the policy was classified and too sensitive to release, but relented late last week and sent the document to the EFF, albeit a heavily redacted version. Know as […]
Threatpost News Wrap, September 4, 2015
Dennis Fisher and Mike Mimoso talk about the potential US sanctions against China over cyberespionage, the browser vendors dumping RC4, the trouble at Mobile Pwn2Own and more security news of the week.
Cisco Patches File Overwrite Bug in IMC Supervisor and UCS Director
Cisco has patched a remote file-overwrite vulnerability in a couple of its products that could allow an attacker to replace arbitrary files and cause target systems to become unstable. The vulnerability affects the Cisco Integrated Management Controlled Supervisor and UCS Director software. The company has fixed the bug in new versions of the software, 1.0.0.1 […]
New Versions of Carbanak Banking Malware Seen Hitting Targets in U.S. and Europe
New variants of the notorious Carbanak Trojan have surfaced in Europe and the United States, and researchers say that the malware now has its own proprietary communications protocol and the samples seen so far have been digitally signed. Carbanak has been in use for several years, and researchers at Kaspersky Lab earlier this year revealed the […]
Netflix Sleepy Puppy Awakens XSS Vulnerabilities in Secondary Applications
Netflix released Sleepy Puppy, a cross-site scripting payload management framework, to open source. The tool finds XSS vulnerabilities in secondary applications.
Google Patches Critical Vulnerabilities in Chrome 45
Google promoted Chrome 45 to a stable release, patching 29 security vulnerabilities. It has also started pausing ads running Flash.