The Vulnerability Disclosure Process: Still Broken

Despite the advent of bug bounty programs and enlightened vendors, researchers still complain of abuse, threats and lawsuits.

Google Bug Hunter Urges Apple to Change its iOS Security Culture

Project Zero researcher highlights stubborn iOS bugs as an example of why Apple and the rest of the industry need to take a fresh approach to securing systems.

Project Zero, Securus, and CIA’s “Vault 7” Mega-Leak – Paul’s Security Weekly #560

Google Project Zero calls Windows 10 Edge Defense ACG flawed, Wapiti Web Application vulnerability scanner 3.0.1 packet storm, CIA’s “Vault 7” Mega-Leak, and Trump eliminates national cyber-coordinator! Paul’s Stories Google Proj…

uTorrent Users Warned of Remote Code Execution Vulnerability

Google Project Zero researchers are warning of two critical remote code vulnerabilities in popular versions of uTorrent’s web-based BitTorrent client and its uTorrent Classic desktop client.

Project Zero Chains Bugs for ‘aPAColypse Now’ Attack on Windows 10

Google’s Project Zero team dubs a new WPAD-related attack as an “aPAColypse Now” that allows a local attacker to compromise a targeted and fully patched Windows 10 PC.

Microsoft hurries to patch ‘worst’ Windows vulnerability

Microsoft has rushed out a self-installing patch for a zero-day vulnerability in a Windows security program that allows hackers to take over a computer just by sending an email. “The update addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file,” reads the advisory about the patch Microsoft issued Monday. That means hackers can exploit the flaw simply by sending an email with a specially designed attachment. As soon as the malware engine scans the attachment, the code opens the vulnerability and the attacker can take control. Remote code execution bugs are considered the most severe kind of security vulnerability, and flaws in security software are often especially bad because of its trusted status on the machine. The Microsoft security advisory said there was no evidence the vulnerability — designated CVE-2017-0920 — “had been publicly used to attack customers” at the time of publication. The company added […]

The post Microsoft hurries to patch ‘worst’ Windows vulnerability appeared first on Cyberscoop.


News in brief: Macron shrugs off email dump; warning on new ‘crazy bad’ flaw; Facebook tips on fake news

Your daily round-up of some of the other stories in the news.