Today Apple released updates for their core products that includes iCloud, Safari, iTunes, macOS Mojave, High Sierra, Sierra, Shortcuts for iOS 2.1.2, tvOS 12.1.1, and of course iOS 12.1.1.
When the United Kingdom's National Cyber Security Center (NCSC) performs operational tasks, they may find technology vulnerabilities. When they find these vulnerabilities, they go through a decision making process called the "Equities Process" that determines what they will do with the vulnerability.
The authentication process via German ID cards with RFID chips to certain web services can be manipulated to allow identity spoofing and changing the date of birth.
Adobe released a security update yesterday that resolves a critical vulnerability in Flash Player that could allow malicious sites to execute code on your computer.
Vulnerabilities were recently discovered in the popular AMP for WP plugin that allows any registered user to perform administrative actions on a WordPress site. It has now been discovered that an active XSS attack is underway that targets these same vulnerabilities to install backdoors and create rogue admin accounts.
A vulnerability for the very popular AMP for WP WordPress plugin with a 100 thousand active installations was discovered that allows any registered users to escalate their privileges to gain administrative access to the site.
A zero-day vulnerability in certain editions of Windows operating system helped at least one advanced threat group increase their privileges on compromised machines until Microsoft patched it with this month's release of security updates.
Adobe has published their monthly Patch Tuesday updates for the month of November 2018. These updates are for Flash Player, Adobe Acrobat and Reader, and Photoshop CC.
Today is Microsoft's November 2018 Patch Tuesday, which means we get a ton of security updates to install for Windows and other Microsoft products. As these updates are commonly exploited by attackers, malware, and exploit kits, it is strongly advised that all users install these updates as soon as possible.
A Russian vulnerability researcher and exploit developer has published detailed information about a zero-day vulnerability in VirtualBox. His explanations include step-by-step instructions for exploiting the bug.
A design flaw in the WordPress permission system used by plugins and a file deletion vulnerability in a very popular eCommerce plugin called WooCommerce could allow attackers to gain full control over a WordPress site.
In an advisory yesterday, the Apache Software Foundation reiterates its recommendation for users of Struts to make sure their installations run a version of the Commons FileUpload library newer than 1.3.2, lest they expose their projects to possible remote code execution attacks.
A new side-channel vulnerability has been discovered called PortSmash that uses a timing attack that to steal information from other processes running on the same SMT/hyper-threading enabled CPU core. Utilizing this attack, researchers were able to steal the private decryption key from an OpenSSL thread running in the same core.
While remote code execution vulnerabilities are pretty common, a new one discovered in Cisco's WebEx online and video collaboration software is definitely different. That is because users can remotely execute commands through a component of the WebEx client even when WebEx does not listen for remote connections.
Last week a vulnerability was disclosed regarding a ridiculously easy authentication bypass vulnerability in libssh. Since then, multiple tools and scripts have been released that allow attackers to remotely exploit this vulnerability in order to remotely execute commands on vulnerable devices.
A bug in Tumblr's "Recommended Blogs" feature was fixed that disclosed private and personal information about the owner of the recommended blogs.
Remember that bug Facebook revealed two weeks ago that may have affected 50 million users if not more? Well Facebook has stated that 30 million of those user had their access tokens stolen by attackers according to a new updated posted by Facebook today.
A critical vulnerability in the WhatsApp messaging app for Android and iOS was fixed today that could have been activated simply by a user answering a call.
Today is the October 2018 Patch Tuesday, which means a boatload of security updates are out for Microsoft products including Windows, Office, and Exchange Server. These updates fix known bugs and security vulnerabilities found within Microsoft's products.
Adobe published its October 2018 Patch Tuesday updates today and it came with a big surprise. Not one security fix for Adobe Flash Player! Unfortunately, there are 11 vulnerabilities being patched, with two being critical, in Adobe Framemaker, Digital Editions, and Technical Communications Suite.