Vulnerabilities

SMSVova Spyware Hiding in ‘System Update’ App Ejected From Google Play...

An Android app that falsely claimed to be a tool for keeping smartphones up-to-date with the latest version of the OS was found surreptitiously tracking the physical location of its users using spyware called SMSVova.

Skype Fixes ‘SPYKE’ Credential Phishing Remote Execution Bug

Microsoft fixed a bug in Skype last month that could have allowed an attacker to execute code on the system it was running on, phish Skype credentials and crash the application.

Threatpost News Wrap, April 21, 2017

Last Friday's ShadowBrokers dump, Microsoft ditching passwords, and a new car dongle hack are all discussed.

Google Pleads for Better Cross-Border Exchange of Digital Evidence

Google asked for MLAT reform, and released its biannual Transparency Report revealing it received a record number of government requests for user data.

Mirai and Hajime Locked Into IoT Botnet Battle

A white hat hacker is believed responsible for the Hajime IoT botnet because its main objective appears to be to secure IoT devices vulnerable to the notorious Mirai malware.

Google Fixes Unicode Phishing Vulnerability in Chrome 58, Firefox Standing Pat

Google fixed a vulnerability that could've let an attacker carry out phishing attacks with Unicode domains in Chrome, but Mozilla is holding off - for now.

20 Linksys Router Models Vulnerable To Attack

Researchers say more than 100,000 Linksys routers in use today could be vulnerable to 10 flaws found in 20 separate router models made by the company.

Stuxnet LNK Exploits Still Widely Circulated

Endpoints are still encountering exploits for the LNK vulnerability, one of the principal infection mechanisms used by the Stuxnet worm.

Drupal Closes Access Bypass Vulnerability in Core Engine

Drupal released a point update for its core engine to patch a critical access bypass vulnerability.

Cisco Unified Communications Manager Denial of Service Vulnerability

A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) cond...

Cisco Integrated Management Controller Cross-Site Scripting Vulnerability

A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker to perform a persistent cross-site scripting (XSS) attack. The vulnerability is due to insufficient...

Microsoft Touts New Phone-Based Login Mechanism

Microsoft announced this week it's giving users a new way to sign into their accounts without long and complicated passwords.