Archives: December 2015
You are here: Home \ 2015 \ December \ Page 3
Cisco is warning users this week that several of its products — routers, gateways, and data center platforms — suffer from vulnerabilities. The company published five advisories across Monday and Tuesday warning of the issues — all which are being marked “medium” severity. While they all sound pressing, the most concerning vulnerability, at least as...
Google yesterday released an update for the Chrome browser that patches seven vulnerabilities and also updates Adobe Flash Player. It also announced that Google Safe Browsing has been extended to Chrome for Android. The Chrome browser update is the second in less than a week; on Dec 1, Chrome 47 was released and 41 vulnerabilities...
Apple has piled on the patches already released by Adobe and Microsoft today, and pushed out updates for iOS, OS X, Apple TV, Safari, and it’s watch-based operating system watchOS this afternoon. Fifty-four vulnerabilities across OS X were patched Tuesday, including fixes for Mavericks v10.9.5, OS X Yosemite v10.10.5, and the most recent builds of OS...
Forgive your local Windows admin if they’re a little shy on holiday cheer in the coming days. Blame instead Microsoft for foisting upon them on Tuesday 71 security patches, including two for vulnerabilities in Office and the Windows kernel currently under attack. Microsoft also issued a separate advisory that warns users of a leaked Xbox...
Adobe may indeed be thinking about phasing out Flash Player, and updates like today’s monster security bulletin will only serve to fuel that movement going forward. Released just an hour before Microsoft’s scheduled Patch Tuesday release, Adobe pushed out a new version of the maligned Flash Player that addressed 79 CVEs. None of the patched...
A coalition of law enforcement agencies worked together recently to disrupt Dorkbot, a botnet that’s managed to infect more than one million machines in 190 countries during the last year. Researchers with Microsoft’s Malware Protection Center announced the news via a post on the MMPC blog. Two divisions within Microsoft, the Malware Protection Center and the Digital Crimes Unit, worked with ESET...
Google has patched another critical Android vulnerability in Mediaserver, which has been maligned since this summer’s barrage of patches for the Stagefright vulnerability, along with a critical rooting vulnerability in the mobile operating system’s kernel. In all, 19 vulnerabilities were patched in Monday’s monthly over-the-air security update for Google Nexus mobile devices, five rated critical,...
Experts believe that the success tied to a recent spate of DDoS-for-hire groups may be because many are copycat collectives operating with a shorter lifespan. Researchers with Recorded Future, a Massachusetts-based firm that tracks real time threat intelligence, said Monday that they’ve noticed an increase in would-be hackers asking for guidance on forums when it comes to...
A group of attackers are behind a strain of payment card malware that has bootkit functionality, something that makes it very difficult to detect, much less remove. “FIN1,” the group behind the malware, appears to be based in Russia, according to researchers at both FireEye and Mandiant who described the group on Monday. The two...
The Let’s Encrypt initiative reached yet another milestone this week when it entered public beta, something it claims should help make it easier for website owners to embrace HTTPS encryption. The latest step comes on the heels of the movement issuing its first certificate back in September and becoming an official Certificate Authority in October. Now, anyone...