Here are the exploit kits to watch for over the next three to six months.
Tag Archives: Web Security
‘High Risk’ Zero Day Leaves 200,000 Magento Merchants Vulnerable
A popular version of the Magento ecommerce platform is vulnerable to a remote code execution bug, putting as many as 200,000 online retailers at risk.
Phone Hack Uses Sensors To Steal PINs
University researchers created a browser-based JavaScript that leverages a phone’s smart device sensor data to steal PINs.
Microsoft Patches Three Vulnerabilities Under Attack
Microsoft Patch Tuesday fixes 45 vulnerabilities, one being an active zero-day bug used to spread the Dridex banking Trojan.
Adobe Patches 59 Vulnerabilities Across Flash, Reader, Photoshop
Adobe patched 59 vulnerabilities across five different products, including Flash Player, Acrobat/Reader, Photoshop, Adobe Campaign, and its Adobe Creative Cloud App on Tuesday.
Microsoft Patches Word Zero-Day Spreading Dridex Malware
A Microsoft Word zero-day vulnerability is being used to spread the Dridex banking Trojan in attacks that have bypassed mitigation efforts.
Researcher Warns SIEMs Are Weak Link In Network Security Chain
Security information and event management solutions are supposed to boost security, but researchers say the network analysis tools are ripe attack targets.
Chrome Security Team Tackles ‘Friendly Fire’ To Keep Browser Safe
Justin Schuh, lead engineer of Chrome Security, said ensuring browser security for Chrome users is a balancing act juggling OEM pressures, questionable certificate authorities and quashing third-party software incompatibility issues.
Malware Scanning Services Containers for Sensitive Business Information
At the Kaspersky Lab Security Analyst Summit, one researcher shared how he was able to find corporate emails, confidential business plans and classified FBI flash alerts.
Android Variant of Notorious Pegasus Spyware Found
Researchers say a variant of the notorious surveillance software called Pegasus has been targeting Android users allowing third parties to take screenshots, capture audio, read email and exfiltrate data from targeted phones.