Vulnerabilities

Cisco IOS XR Software Local Command Injection Vulnerability

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands on the host operating system with root privileges. The vulnerability is due to insufficient input valid...

Cisco IOS XR Software Privilege Escalation Vulnerability

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges to the root level. The vulnerability is due to incorrect permission settings on binary files in the affected so...

Microsoft Extends Edge Bug Bounty Program Indefinitely

Microsoft said Wednesday it would extend its Edge bug bounty program indefinitely.

Trump’s Cybersecurity Executive Order Under Fire

Former AT&T CSO Ed Amoroso says government needs to shift from talk to action when it comes to cybersecurity.

Honda Shut Down Plant Impacted by WannaCry

Carmaker Honda announced Wednesday that it was forced to shut down production at one of its Japanese plants earlier this week after it was hit by the WannaCry ransomware.

OpenVPN Patches Critical Remote Code Execution Vulnerability

OpenVPN patched four vulnerabilities privately disclosed by Dutch researcher Guido Vranken, including a critical issue that could lead to remote code execution.

Avaya Patches Remote Code Execution Flaw in Aura

Avaya released a patch last week for a remote code execution vulnerability in its Avaya Aura Application Enablement Services software.

TP-Link Fixes Code Execution Vulnerability in End-of-Life Routers

Router manufacturer TP-Link recently fixed a vulnerability in a discontinued line of routers that, if exploited, could have been used to execute code on the device.

Internet-Enabled Drill Demonstrates IoT Security Done Right

Researchers find flaws in an internet-connected drill, but say minimal, hard-to-find bugs indicate there is hope for IoT security.

University College London Ransomware Linked to AdGholas Malvertising Group

Proofpoint has connected the University College London ransomware to Mole, spread by AdGholas malvertising campaigns and the Astrum Exploit Kit.

ProtonMail Launches Free VPN Service

Encrypted email service ProtonMail announced it was launching its own VPN, ProtonVPN, on Tuesday.

Google Removes Two Ztorg Trojans from Play Marketplace

Google removed two apps, Magic Browser and Noise Detector, that were vehicles for the Ztorg Trojan, Kaspersky Lab said.