CPU, OS Makers Coordinate to Fix New Spectre Vulnerability

Processor manufacturers and operating system vendors have released patches for or have outlined plans to address a new variant of the Spectre vulnerability that is as serious as the ones disclosed in January. The new flaw also stems from the speculati…

Chrome Will Drop the ‘Secure’ Connection Indicator Later This Year

Browsers historically have used certain visual indicators in the address bar to mark encrypted connections, such as the green padlock and the word “Secure.” However, as HTTPS is becoming the norm on the web, Google plans to phase out these…

10 Percent of iOS Apps Have a Data Compromising Vulnerability

A common programming error exposes almost 10 percent of iOS apps to attacks that can result in their data being wiped or malicious code being executed in their sandbox. The vulnerability was discovered by researchers from a team of Chinese iOS jailbre…

Hackers Using Hard-to-Block DDoS Amplification Technique

Hackers have started to abuse routers and other internet-of-things devices that expose their UPnP interfaces to the internet to launch distributed denial-of-service (DDoS) attacks that are hard to block, even by DDoS mitigation providers. Researchers …

Adobe Patches Zero-Day Vulnerability in Acrobat, Reader

Adobe Systems has released new security patches for critical vulnerabilities in its Acrobat and Reader products, including one zero-day vulnerability found in the wild. The updates fix 47 vulnerabilities, 24 of which are rated critical and can lead to…

Leaked Point-of-Sale Malware Source Code Could Fuel New Variants

The source code for a malware program called TreasureHunter, which has been used to steal payment card information from point-of-sale (PoS) systems for years, is now available to cybercriminals for free. As with similar incidents in the past, research…

Microsoft Patches Two Actively Exploited Zero-Day Vulnerabilities

Microsoft fixed 67 vulnerabilities across its products May 8, including two vulnerabilities that were already being exploited in the wild. The most serious and urgent issue was a remote code execution vulnerability in the Windows VBScript engine track…

Ransomware Uses Process Hiding Technique to Evade Antivirus

A ransomware program called SynAck uses a sophisticated process hiding technique that was first documented last year as a proof-of-concept to evade detection. Dubbed Process Doppelgänging, the method was presented at the Black Hat security conference …

Hackers Start Exploiting Recently Found Flaws in GPON Routers

Hackers have started exploiting two recently disclosed vulnerabilities that potentially affect a large number of internet gateway devices used for residential gigabit-capable passive optical networks (GPON). The vulnerabilities were found by a company…