Vulnerabilities

Malware That Targets Both Microsoft, Apple Operating Systems Found

A new strain of malware is designed to spread malware on either Mac OS X or Microsoft Windows, depending on where it’s opened.

Half of Android Devices Unpatched Last Year

Google said half of Android devices are unpatched and that percentage of potentially harmful apps on phones installed from all sources rose in 2016.

Paper Spells Out Tech, Legal Options for Encryption Workarounds

Bruce Schneier and Orin Kerr have written a paper that explains the technological and legal issues associated with six encryption workarounds available to law...

Google, Jigsaw Partner on Free Tools to Secure Elections

Jigsaw and Google said they would offer a free suite of security tools aimed at securing political elections.

Blank Slate Spam Campaign Spreads Cerber Ransomware

A spam campaign called Blank Slate is spreading Cerber ransomware and abusing hosting providers to register new domains as soon as they're taken down....

SAP Vulnerability Puts Business Data at Risk for Thousands of Companies

Researchers at ERPScan today disclosed details and a proof-of-concept exploit for a SAP GUI remote code execution vulnerability patched last week.

LastPass Fixes Ormandy RCE Bug; Two Outstanding Vulnerabilities Remain

LastPass has reportedly fixed one of three bugs in the password manager discovered by Google research Tavis Ormandy in the last week.

VU#600671: PCAUSA Rawether for Windows local privilege escalation

Vulnerability Note VU#600671 PCAUSA Rawether for Windows local privilege escalation Original Release date: 21 Mar 2017 | Last revised: 21 Mar 2017

Critical Moodle Vulnerability Could Lead to Server Compromise

A critical vulnerability in Moodle, an open source system deployed across hundreds of thousands of universities, could expose the server to compromise.

Locky, Cerber Ransomware Skilled at Hiding

Since January, a number of ransomware families are sharing a common infrastructure with different techniques allowing the malware to hide from detection systems.

Latest Tax Scams Include Phishing Lures, Malware

Microsoft warns this year’s crop of tax scams use social engineering attacks based on fear to spread banking Trojans and collect personal info. ...

Local Windows Admins Can Hijack Sessions Without Credentials

A researcher has published a method by which a local admin can hijack any other Windows sessions without the need for credentials.