Vulnerabilities

FSB Officers, Criminal Hackers Indicted in Yahoo Breach

The Department of Justice indicted four individuals, including two Russian FSB officers, for their roles in the Yahoo breach.

JSON Libraries Patched Against Invalid Curve Crypto Attack

JSON libraries using the JWE specification to create, sign and encrypt access tokens have been patched against an attack that allows for the recovery...

VU#553503: D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and...

Vulnerability Note VU#553503 D-Link DIR-130 and DIR-330 are vulnerable to authentication bypass and do not protect credentials Original Release date: 15 Mar 2017 |...

Where Have All The Exploit Kits Gone?

For a long time, exploit kits were the most prolific malware distribution vehicle available to attackers. Where did they go and what’s replaced them?...

VU#834067: Apache Struts 2 is vulnerable to remote code execution

Vulnerability Note VU#834067 Apache Struts 2 is vulnerable to remote code execution Original Release date: 14 Mar 2017 | Last revised: 14 Mar 2017

Google Eliminates Android Adfraud Botnet Chamois

Google recently removed Chamois, a family of malicious apps found manipulating ad traffic, from its Play marketplace.

Patch Tuesday Returns; Microsoft Quiet on Postponement

Microsoft released 18 security bulletins, eight rated critical. The company also patched publicly disclosed vulnerabilities that surfaced since last month’s postponement of Patch Tuesday.

Adobe Fixes Six Code Execution Bugs in Flash

Adobe fixed seven vulnerabilities, six that could lead to code execution, in Flash Player on Tuesday.

WordPress REST API Bug Could Be Used in Stored XSS Attacks

The recently patched REST API Endpoint vulnerability in WordPress could be leveraged to pull off stored cross-site scripting attacks.

SAP Patches Critical HANA Vulnerability That Allowed Full Access

SAP patched a critical vulnerability in its cloud-based business platform HANA today that, if exploited, could allow for a full system compromise without authentication.

38 Android Devices Infected with Malware Preinstalled in Supply Chain

Researchers at Check Point found and remediated malware on 38 Android devices that were infected somewhere along the supply chain.

Credit Card Scrapers Continue to Target Magento

Researchers said last week they came across a malicious function that was snuck into a module in Magento in order to steal credit card...