Vulnerabilities

Drupal Patches Three Vulnerabilities in Core Engine

Developers with Drupal patched three vulnerabilities, one critical, one being exploited in the wild, in Drupalrsquo;s core engine on Wednesday.

GhostHook Attack Bypasses Windows 10 PatchGuard

Researchers at CyberArk have developed a bypass for Windows PatchGuard that leverages Intel's Processor Trace (Intel PT) technology to execute code at the kernel.

NSA-Backed OpenC2.org Aims to Defend Systems at Machine Speed

Security experts, vendors, business and the NSA are developing a standardized language that rather than autonomously understands threats, acts on them.

Microsoft Extends Edge Bug Bounty Program Indefinitely

Microsoft said Wednesday it would extend its Edge bug bounty program indefinitely.

Trump’s Cybersecurity Executive Order Under Fire

Former ATT CSO, Ed Amoroso, says government needs to shift from talk to action when it comes to cybersecurity.

Honda Shut Down Plant Impacted by WannaCry

Carmaker Honda announced Wednesday that it was forced to shut down production at one of its Japanese plants earlier this week after it was hit by the WannaCry ransomware.

OpenVPN Patches Critical Remote Code Execution Vulnerability

OpenVPN patched four vulnerabilities privately disclosed by Dutch researcher Guido Vranken, including a critical issue that could lead to remote code execution.

Avaya Patches Remote Code Execution Flaw in Aura

Avaya released a patch last week for a remote code execution vulnerability in its Avaya Aura Application Enablement Services software.

TP-Link Fixes Code Execution Vulnerability in End-of-Life Routers

Router manufacturer TP-Link recently fixed a vulnerability in a discontinued line of routers that if exploited could have been used to execute code on the device.

Internet-Enabled Drill Demonstrates IoT Security Done Right

Researchers find flaws in an internet-connected drill, but say minimal, hard-to-find bugs indicate there is hope for IoT security.

University College London Ransomware Linked to AdGholas Malvertising Group

Proofpoint has connected the University College London ransomware to Mole, spread by AdGholas malvertising campaigns and the Astrum Exploit Kit.

ProtonMail Launches Free VPN Service

Encrypted email service ProtonMail announced it was launching its own VPN, ProtonVPN, on Tuesday.