Archives: August 2016
You are here: Home \ 2016 \ August \ Page 7
A serious vulnerability has been patched in forum software made by vBulletin that could allow attackers to scan servers hosting the package and possibly execute arbitrary code. Researcher Dawid Golunski of Legal Hackers privately disclosed the vulnerability, which was patched Aug. 5 in versions 3.8.9 (and 3.8.10 beta), 4.2.3 (and 4.2.4 beta), and 5.2.3 of...
Juniper Networks announced the availability of hotfixes for a serious vulnerability in the handling of IPv6 packets that is says could leave its Junos OS and JUNOSe routers open to a denial of service (DoS) attack. The hotfixes come more than two months after the vulnerabilities were publicly disclosed. Juniper warned network administrators in June about the flaw, which...
A serious vulnerability in the TCP implementation in Linux systems deployed since 2012 (version 3.6 of the Linux kernel) can be used by attackers to identify hosts communicating over the protocol and ultimately attack that traffic. Researchers from the University of California, Riverside and the U.S. Army Research Laboratory are expected today at the USENIX...
Admittedly, the payouts for Apple’s bug bounty announced last week at Black Hat drew mixed reactions ranging from reasonable to raucously funny. Apple made a big splash at the annual hacker conference, first via a last-minute announcement that well-regarded Ivan Krstic would be giving a talk on some of the inner workings of iOS 10...
Microsoft’s release of Windows Anniversary Update last week included an optional feature called Windows Subsystem for Linux that allows native support for Linux binaries. That has some security experts concerned the Windows 10 attack surface has been expanded. The threat, according to Alex Ionescu, vice president of endpoint detection and response strategy at Crowdstrike, centers...
A tricky vulnerability patched today in the Windows PDF Library could have put Microsoft Edge users on Windows 10 systems at risk for remote code execution attacks. Edge automatically renders PDF content when it’s set as a computer’s default browser, unlike most other browsers; the feature means that exploits would execute by simply viewing a...
Adobe rolled out its monthly patch release today, and the news isn’t necessarily what was patched, but what wasn’t. For the first time since January, Adobe did not release a security update for Flash Player. Given Flash’s legacy of being a target-rich environment for cybercriminals and advanced attackers, a month without Flash patches is quite...
Threatpost Op-Ed is a regular feature where experts contribute essays and commentary on what’s happening in security and privacy. Today’s contributors are Dave Dittrich and Katherine Carpenter. The terms “cyber war” and “cyber weapon” are thrown around casually, often with little thought to their non-“cyber” analogs. Many who use the terms “cyber war” and “cyber...
Oracle is alerting customers it found malicious code in some of its MICROS point-of-sale systems and is requiring they change account passwords. The security measures come on the heels of reports the world’s No. 3 PoS service succumbed to a security breach perpetrated by the Carbanak gang. The breach involves malware placed on a MICROS support portal that gave attackers...
A state-sponsored APT platform on par with Equation, Flame and Duqu has been used since 2011 to spy on government agencies and other critical industries. Known as ProjectSauron, or Strider, the platform has all the earmarks of advanced attackers who covet stealth, and rely on a mix of zero-day exploits and refined coding to exfiltrate...