Vulnerabilities

Cisco Warns of Critical Vulnerability Revealed in ‘Vault 7’ Data Dump

Cisco said an unpatched critical vulnerability exposed by WikiLeaks' Vault 7 release of CIA documents could give an attacker full control of the targeted...

Jon Oberheide on Perimeter Security

Mike Mimoso talks to Duo Security co-founder and CTO Jon Oberheide at RSA Conference about Google's BeyondCorp security model, enforcing perimeter security, how endpoint...

VM Escape Earns Hackers $105K at Pwn2Own

Hackers pulled off a VM escape and took down Adobe Flash, Microsoft Windows and Edge, Apple Safari and macOS, and Mozilla Firefox at Pwn2Own...

Vulnerability Disclosed in Ubiquiti Networks Admin Interface

Researchers at SEC Consult disclosed a command injection vulnerability in Ubiquiti Networks gear for ISPs after a private disclosure to the vendor in November...

Threatpost News Wrap, March 17, 2017

Mike Mimoso and Chris Brook discuss the news of the week, including Pwn2Own 2017, Microsoft's silence around February's Patch Tuesday, and a nasty SAP...

GitHub Code Execution Bug Fetches $18,000 Bounty

GitHub awarded $18,000 to a researcher after he came across a remote code execution bug in the company’s enterprise management console.

US-CERT Warns HTTPS Inspection May Degrade TLS Security

Security tools that proxy and inspect HTTPS traffic create a blind spot for network administrators trying to determine whether communication between clients and servers is...

Fileless Malware Campaigns Tied to Same Attacker

Two recent fileless malware campaigns targeting financial institutions, government agencies and other enterprises have been linked to the same attack group.

Hackers Take Down Reader, Safari, Edge, Ubuntu Linux at Pwn2Own 2017

On the first day of Pwn2Own 2017 hackers poked holes in Adobe Reader, Apple Safari, Microsoft Edge, and Ubuntu Linux.

VU#214283: Commvault Edge contains a buffer overflow vulnerability

Vulnerability Note VU#214283: Commvault Edge contains a buffer overflow vulnerability. Original release date: 16 Mar 2017 | Last revised: 16 Mar 2017

Intel, Microsoft Announce New Bug Bounties

Intel and Microsoft announced bug bounties, paying $30,000 and $15,000 respectively for critical vulnerabilities.

WhatsApp, Telegram Vulnerabilities Exposed Users to Account Takeover

WhatsApp and Telegram patched vulnerabilities in the last week that could have let an attacker take over a user's account.