Collaborate Disseminate
Researchers say a whopping 62 percent of AWS environments may be exposed to the newly documented AMD ‘Zenbleed’ information leak flaw.
The post Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation appeared first on SecurityWeek.
Continue reading Wiz Says 62% of AWS Environments Exposed to Zenbleed Exploitation
The company has patched a vulnerability that could allow malicious sites unauthorized access to usernames and passwords. Continue reading LastPass Fixes Bug That Leaks Credentials
A BitTorrent client with more than 100 million users suffered numerous critical vulnerabilities including remote code execution and copying downloaded files, according to new information from Google’s Project Zero. Users were left exposed for several hours on Tuesday when the bug was public and a new security patch didn’t quite work. A new and effective patch was delivered Tuesday night. Google security researcher Tavis Ormandy informed BitTorrent Inc. of the issues with the uTorrent client in December 2017. A patch was made public early Tuesday but Ormandy says that, after a small tweak, his exploits continued to work in the default configuration. “This issue is still exploitable,” Ormandy explained. “The vulnerability is now public because a patch is available, and BitTorrent have already exhausted their 90 days anyway. I see no other option for affected users but to stop using uTorrent Web and contact BitTorrent and request a comprehensive patch.” On late Tuesday night, BitTorrent Inc.’s […]
The post uTorrent vulnerabilities allow information disclosure and remote code execution appeared first on Cyberscoop.
Continue reading uTorrent vulnerabilities allow information disclosure and remote code execution
The Grammarly browser extension, which has about 22 million users, exposes its authentication tokens to all websites, allowing any to access all the user’s data without permission, according to a bug report from Google Project Zero’s Tavis Ormandy. The high-severity bug was discovered on Friday and fixed early Monday morning, “a really impressive response time,” Ormandy wrote. Grammarly, launched in 2009 by Ukrainian developers, looks at all messages, documents and social media posts and attempts to clean up errors so the user is left with the clearest English possible. The browser extension has access to virtually everything a user types, and therefore an attacker could access a huge trove of private data. Exploitation is as simple as a couple of console commands granting full access to everything, as Ormandy explained. It’s not clear if the vulnerability was ever exploited. Grammarly has not responded to a request for comment. The vulnerability affected Chrome and Firefox. Updates are now available for […]
The post Bug in Grammarly browser extension exposes virtually everything a user ever writes appeared first on Cyberscoop.
Continue reading Bug in Grammarly browser extension exposes virtually everything a user ever writes
Peer a bit harder through the gloom of the Keeper flaw and you’ll find a good news story Continue reading Windows 10 password manager bug is hiding good news
Cloudflare’s chief technology officer was frank and apologetic about February’s Cloudbleed bug during today’s Virus Bulletin 2017 keynote. Continue reading Cloudflare CTO Goes Inside the Cloudbleed Bug
Researchers Tavis Ormandy and Cris Neckar privately disclosed a critical vulnerability in Cisco’s WebEx extension for Chrome and Firefox that allows for remote code execution. Continue reading Cisco Patches Another Critical Ormandy Bug in WebEx Extension
Google Project Zero’s Tavis Ormandy found another remote code execution vulnerability in the Microsoft Malware Protection Engine, the third since early May. Continue reading Another RCE Vulnerability Patched in Microsoft Malware Protection Engine
The news of the week is discussed, including this week’s Microsoft Malware Protection Engine bug, Handbrake OS X malware, the HP keylogger, Trump’s Cybersecurity EO, and more.
Adobe and Microsoft both issued updates today to fix critical security vulnerabilities in their software. Microsoft actually issued an emergency update on Monday just hours ahead of today’s regularly scheduled “Patch Tuesday” (the 2nd Tuesday of each month) to fix a dangerous flaw present in most of Microsoft’s anti-malware technology that’s being called the worst Windows bug in recent memory. Separately, Adobe has a new version of its Flash Player software available that squashes at least seven nasty bugs.
Last week, Google security researcher Tavis Ormandy reported to Microsoft a flaw in its Malware Protection Engine, a technology that exists in most of Redmond’s malware protection offerings — including Microsoft Forefront, Microsoft Security Essentials and Windows Defender. Rather than worry about their malicious software making it past Microsoft’s anti-malware technology, attackers could simply exploit this flaw to run their malware automatically once their suspicious file is scanned. Continue reading Emergency Fix for Windows Anti-Malware Flaw Leads May’s Patch Tuesday