The results of two audits of the open source software OpenVPN were shared late last week. One found two legitimate vulnerabilities, the other said the service is cryptographically “solid.”
The news of the week is discussed, including this week’s Microsoft Malware Protection Engine bug, Handbrake OS X malware, the HP keylogger, Trump’s Cybersecurity EO, and more.
Vanilla Forums software suffers from vulnerabilities that could let an attacker gain access to user accounts, carry out web-cache poisoning attacks, and in some instances, execute arbitrary code.
Researchers say an audio driver that comes installed on some HP-manufactured computers can record users keystrokes and store them in a world-readable plaintext file.
Google said a permissions flaw that puts Android users at heightened risk of malware, ransomware and adware attacks will not be fixed until the release of its next mobile OS, Android O.
Cisco released an update that patches a vulnerability in the CMP processing code running in its IOS and IOS XE software in more than 300 of its switches.
Adobe fixed eight vulnerabilities, seven critical, in Flash Player and Adobe Experience Manager (AEM) Forms product as part of its regularly scheduled updates Tuesday morning.