Vulnerabilities

Patched Flaw in Bosch Diagnostic Dongle Allowed Researchers to Shut Off...

Two vulnerabilities were identified in Bosch’s Drivelog Connect OBD-II dongle and smartphone app that allowed researchers to shut off the engine of a vehicle.

Record Oracle Patch Update Addresses ShadowBrokers, Struts 2 Vulnerabilities

Oracle released a record 299 patches, including a fix for a Solaris vulnerability disclosed by the ShadowBrokers, and another for the recently disclosed Apache Struts 2 flaw.

IHG Confirms Second Credit Card Breach Impacting 1,000-Plus Hotels

InterContinental Hotels Group said on Friday that it found malware designed to access payment card data at more than 1,000 of its hotels.

Facebook Delegated Account Recovery SDKs Published for Java, Ruby Apps

At F8 today, Facebook released SDKs and documentation for the integration of Delegated Account Recovery into Java, NodeJS and Ruby applications.

Low-Cost Ransomware Service Discovered

A new ransomware-as-a-service called Karmen appeals to ransomware newbies with a low price, easy setup and developer updates.

VU#676632: IBM Lotus Domino server mailbox name stack buffer overflow

The IBM Lotus Domino server IMAP service contains a stack-based buffer overflow vulnerability in IMAP commands that refer to a mailbox name.

This can allow a remote,authenticated attacker to execute arbitrary code with the privileges of the Domino server

Wave of Java-Based RATs Target Tax Filers

A rash of Java-based remote access Trojans is targeting tax filers with bogus IRS attachments.

ShadowBrokers’ Windows Zero-Days Already Patched

Microsoft eased some anxiety over the latest ShadowBrokers dump of Windows zero days with news most of the vulnerabilities had already been patched.

VMWare Fixes Critical RCE in vCenter Server

VMware patched a critical vulnerability in its vCenter Server platform late last week that could have let an attacker execute arbitrary code in some scenarios.

ShadowBrokers Expose NSA Access to SWIFT Service Bureaus

The latest ShadowBrokers dump includes exploits that allowed the NSA to target SWIFT data managed by outsourced service bureaus in the Middle East.

Google Making Life Difficult for Ransomware to Thrive on Android

At the Kaspersky Lab Security Analyst Summit, Android Security Team malware analyst Elena Kovakina explained Google’s strategy for countering ransomware on Android.

Threatpost News Wrap, April 14, 2017

Mike Mimoso, Tom Spring, and Chris Brook recap Infiltrate Con in Miami last week, and Kaspersky Lab's Security Analyst Summit in St. Maarten