Spectre Patches Reach More CPUs as New Attack Variants Appear

Intel has released microcode patches to address the Spectre vulnerability on additional families of CPUs. Meanwhile, researchers have found a new way of implementing the Meltdown and Spectre attacks, but the variants are covered by existing patches. “We have now released production microcode updates to our OEM customers and partners for Kaby Lake- and Coffee..

Report: Software Vulnerabilities Increased 30 Percent in 2017

The number of software vulnerabilities recorded last year grew by 31 percent compared to 2016 and one-third of them have public exploits, according to a new report. Vulnerability intelligence firm Risk Based Security, which maintains its own vulnerability database called VulnDB, recorded a total of 20,832 security flaws last year. Around 7,900 of those flaws..

Identity Documents Exposed in FedEx-Owned Amazon S3 Bucket

More than 119,000 scanned identity documents, including passports and drivers’ licenses, belonging to people from the United States and abroad were exposed in an insecure Amazon S3 storage bucket. The storage bucket belonged to a company called Bongo International that provided services for cross-border transactions between U.S.-based online merchants and international customers, complete with anti-fraud..

Microsoft Fixes 50 Flaws in Windows, Outlook, Office and Browsers

Microsoft released patches for 50 vulnerabilities in Windows, Office, Outlook, Edge and Internet Explorer, 14 of which are rated critical. The company also released additional protections for the Meltdown and Spectre CPU vulnerabilities for older 32-bit versions of Windows 10, including Windows 10 for HoloLens. The most urgent patch is for a critical flaw (CVE-2018-0825)..

Hackers Exploit Right-to-Left Override Bug in Telegram to Distribute Malware

Hackers have exploited a bug in how Telegram’s Windows messaging client displays file names that contain a right-to-left override (RLO) character, to infect users with malware. The RLO character, represented by “U+202E” in Unicode, indicates that the text following it should be displayed from right to left. This is useful for languages like Arabic, but..

Destructive Malware Used to Attack Winter Olympics Infrastructure

The Olympic Winter Games in Pyeongchang, South Korea, started off with a cyberattack that disrupted the games’ official website and caused technical problems in the press center at the Olympic Stadium shortly before the opening ceremony Feb. 9. Winter Olympics officials confirmed that the games were hit by a cyberattack, but didn’t provide any other..

Lenovo Warns ThinkPads Vulnerable to Wi-Fi Flaws

Lenovo has warned customers that 24 models of its ThinkPad laptops, which are popular with business users, are affected by two critical vulnerabilities in Broadcom wireless controllers. The flaws, tracked as CVE-2017-11120 and CVE-2017-11121, were discovered last year by researchers from Google’s Project Zero and were patched in both Android and iOS devices in September...

Intel Releases Microcode Spectre Patches for Skylake CPUs

Intel continues to release CPU microcode updates that include mitigation for the Spectre vulnerability announced in January. This week the company released fixes for several CPUs on the Skylake platform. The company’s first batch of microcode updates, released a month ago, caused reboots and other unexpected behavior for systems running Haswell and Broadwell CPUs. OEMs..

Unpatched Vulnerability Exposes WordPress Sites to Denial-of-Service Attacks

Attackers can render many WordPress websites unresponsive by exploiting an unpatched vulnerability in core modules that load JS and CSS files to improve performance. The issue stems from the “load” parameter in the load-styles.php and load-scripts.php modules that can be used to fetch an array of scripts when a page is loaded. Because these modules..

Adobe Fixes Flash Player Zero-Day Vulnerability

Adobe has released an emergency update for Flash Player to fix a critical zero-day vulnerability that already has been used in targeted attacks by North Korean hackers. News of the vulnerability broke last week with an alert from the South Korean Computer Emergency Response Team (KR-CERT) and follow-up confirmations from security companies that an exploit..