Collaborate Disseminate
Mobile app developers need to be aware of improper OAuth 2.0 implementations that have put one billion mobile apps at risk to takeover. Continue reading OAuth 2.0 Hack Exposes 1 Billion Mobile Apps to Account Hijacking
An issue in iOS WebView that is trivial to exploit can give an attacker the ability to trigger phone calls from a targeted device, researcher Collin Mulliner said. Continue reading iOS WebView Problem Allows Attackers to Initiate Phone Calls
Microsoft released 14 security bulletins today, six rated critical. Among the fixes is a patch for a Windows kernel zero-day vulnerability disclosed by Google that was being used in attacks by the Sofacy APT gang. Continue reading Microsoft Patches Zero Day Disclosed by Google
Adobe again released a security update for Flash Player, patching nine remote code execution vulnerabilities. Adobe Connect for Windows was also updated. Continue reading Adobe Patches Nine Code Execution Flaws in Flash Player
Tesco Bank, a U.K. retail bank, today put a halt to online transactions from current accounts after some customers reported over the weekend money missing from their accounts. Continue reading Tesco Bank Stops Online Transactions After Money Missing from 20K Accounts
Microsoft extended the end of life deadline on EMET to July 2018, but experts say its usefulness as a mitigation toolkit has been limited for some time. Continue reading Microsoft Tears off the Band-Aid with EMET
Google said that more than half of pageloads on Chrome across platforms are encrypted; Android as the lone laggard, but trending upward. Continue reading Half of Chrome Pageloads are HTTPS
Intermittent DDoS attacks affecting Internet connectivity nationwide in West African nation Liberia have ceased. One researcher says it’s a test for something else. Continue reading Test-Run DDoS Attacks Against Liberia Cease
Two-factor authentication protecting Outlook Web Access and Office 365 portals can be bypassed-and the situation likely cannot be fixed, a researcher has disclosed. Continue reading Outlook Web Access Two-Factor Authentication Bypass Exists
Schneider Electric has recommended a number of mitigations to ward off two critical vulnerabilities in its Magelis HMI products. Continue reading Mitigations Available for PanelShock Vulnerabilities in Schneider Electric Magelis HMIs