Google Project Zero – Page 8

Google 0-Day Hunters Find ‘Crazy Bad’ Windows RCE Flaw

Posted on May 8, 2017 by Swati Khandelwal

Update (Monday, May 08, 2017): Microsoft has released an emergency security update to patch below-reported crazy bad remote code execution vulnerability in its Microsoft Malware Protection Engine (MMPE) that affects Windows 7, 8.1, RT and 10 computers, as well as Windows Server 2016 operating systems.

Google Project Zero’s security researchers have discovered another critical remote code

Continue reading Google 0-Day Hunters Find ‘Crazy Bad’ Windows RCE Flaw→

LastPass steps up quickly to fix vulnerabilities spotted by researchers

Posted on March 27, 2017 by John E Dunn

LastPass’s response to being alerted to security flaws in its products is an example of the right attitude to fixing problems Continue reading LastPass steps up quickly to fix vulnerabilities spotted by researchers→

LastPass Leaking Passwords Via Chrome Extension

Posted on March 22, 2017 by Darknet

LastPass Leaking Passwords is not new, last week its Firefox extension was picked apart – now this week it’s Chrome extension is giving up its goodies. I’ve always found LastPass a bit suspect, even though they are super easy to use, and have a nice UI they’ve had TOO many serious security issues for a […]

The post LastPass Leaking…

Read the full post at darknet.org.uk

Continue reading LastPass Leaking Passwords Via Chrome Extension→

LastPass Fixes Ormandy RCE Bug; Two Outstanding Vulnerabilities Remain

Posted on March 22, 2017 by Chris Brook

LastPass has reportedly fixed one of three bugs in the password manager discovered by Google research Tavis Ormandy in the last week. Continue reading LastPass Fixes Ormandy RCE Bug; Two Outstanding Vulnerabilities Remain→

Patch Tuesday Returns; Microsoft Quiet on Postponement

Posted on March 14, 2017 by Michael Mimoso

Microsoft released 18 security bulletins, eight rated critical. The company also patched publicly disclosed vulnerabilities that surfaced since last month’s postponement of Patch Tuesday. Continue reading Patch Tuesday Returns; Microsoft Quiet on Postponement→

Cloudbleed Triggered 1.2M Times, Damage Kept to Minimum

Posted on March 2, 2017 by Michael Mimoso

Cloudflare said it could not find evidence of malicious exploitation of the Cloudbleed vulnerability, even though the bug was triggered 1.2 million times. Continue reading Cloudbleed Triggered 1.2M Times, Damage Kept to Minimum→

Google publishes remote code vulnerability in Microsoft browsers

Posted on February 27, 2017 by Shaun Waterman

Google’s Project Zero published an unpatched and very severe vulnerability in the Microsoft Edge and Internet Explorer version 11 browsers Monday, after a 90-day deadline expired without a fix from Microsoft’s engineers. The publication, which means hackers will be able to write exploits for the affected software, appears to be the latest result of Microsoft’s shocking and still mysterious decision […]

The post Google publishes remote code vulnerability in Microsoft browsers appeared first on Cyberscoop.

Continue reading Google publishes remote code vulnerability in Microsoft browsers→

Google Discloses Another ‘High Severity’ Microsoft Bug

Posted on February 27, 2017 by Tom Spring

Google’s security researchers disclosed details of an unpatched Microsoft vulnerability in its Edge and Internet Explorer browsers. Continue reading Google Discloses Another ‘High Severity’ Microsoft Bug→

Google Does It Again: Discloses Unpatched Microsoft Edge and IE Vulnerability

Posted on February 25, 2017 by Swati Khandelwal

This month has yet been kind of interesting for cyber security researchers, with Google successfully cracked SHA1 and the discovery of Cloudbleed bug in Cloudflare that caused the leakage of sensitive information across sites hosted behind Cloudflare.
… Continue reading Google Does It Again: Discloses Unpatched Microsoft Edge and IE Vulnerability→

Threatpost News Wrap, February 24, 2017

Posted on February 24, 2017 by Chris Brook

Mike Mimoso and Chris Brook recap RSA and discuss the news of the week including the impact of Cloudflare’s “Cloudbleed” bug, Google breaking SHA-1, and more. Continue reading Threatpost News Wrap, February 24, 2017→