The first round of security updates released in 2018 for OpenSSL patch a total of three vulnerabilities, but none of them appears to be serious. OpenSSL versions 1.1.0h and 1.0.2o patch CVE-2018-0739, a denial-of-service (DoS) vulnerability discovered using Google’s OSS-Fuzz service, which has helped find several flaws in OpenSSL in the past period. The security ..
Tag : Vulnerabilities
A newly discovered Microsoft Office document exploit builder kit has been used for the distribution of a variety of malicious payloads, including banking Trojans and backdoors, Proofpoint reports. The exploit builder kit was initially discovered in October 2017, but Proofpoint’s researchers have linked it to activity dating back to June 2017. The builder kit shows ..
Cybercriminals are shifting their focus from Adobe to Microsoft consumer products, and are now concentrating more on targeted attacks than on web-based exploit kits. Each year, Recorded Future provides an analysis of criminal chatter on the dark web in its Top Ten Vulnerabilities Report. It does this because it perceives a weakness in traditional vulnerability ..
Researchers have discovered a new side-channel attack method that can be launched against devices with Intel processors, and the patches released in response to the Spectre and Meltdown vulnerabilities might not prevent these types of attacks. The new attack, dubbed BranchScope, has been identified and demonstrated by a team of researchers from the College of ..
An attack leveraging the compromised website of a Hong Kong telecommunications company is using a recently patched Flash vulnerability that has been exploited by North Korea since mid-November 2017, Morphisec warns. The targeted vulnerability, CVE-2018-4878, first became public in early February, after South Korea’s Internet & Security Agency (KISA) issued an alert on it being ..
One year after researchers saw the first attempts to exploit a critical remote code execution flaw affecting the Apache Struts 2 framework, hackers continue to scan the Web for vulnerable servers. The vulnerability in question, tracked as CVE-2017-5638, affects Struts 2.3.5 through 2.3.31 and Struts 2.5 through 2.5.10. The security hole was addressed on March ..
The energy sector was targeted by cyberattacks more than any other industry, and many of the vulnerabilities disclosed last year impacted products used in this sector, according to a report published on Monday by Kaspersky Lab. The security firm has analyzed a total of 322 flaws disclosed in 2017 by ICS-CERT, vendors and its own ..
Drupal announced plans to release a security update for Drupal 7.x, 8.3.x, 8.4.x, and 8.5.x on March 28, 2018, aimed at addressing a highly critical vulnerability. The Drupal security team hasn’t provided information on the vulnerability and says it won’t release any details on it until the patch arrives. An advisory containing all the necessary ..
GitHub says the introduction of security alerts last year has led to a significantly smaller number of vulnerable code libraries on the platform. The code hosting service announced in mid-November 2017 the introduction of a new security feature designed to warn developers if the software libraries used by their projects contain any known vulnerabilities. The ..
The latest stable channel update for Google’s Chrome OS operating system includes mitigations for devices with Intel processors affected by the Spectre and Meltdown vulnerabilities. Meltdown and Spectre attacks exploit design flaws in Intel, AMD, ARM and other processors. They allow malicious applications to bypass memory isolation mechanisms and gain access to sensitive data. Meltdown ..