HP Patches High-Risk Vulnerability in Business Printers

HP released security firmware updates this week for dozens of printers, including enterprise models, to fix a high-risk vulnerability that could allow attackers to compromise the devices. The vulnerability, tracked as CVE-2017-2750, stems from a failure to properly validate DLL signatures and can be exploited to execute arbitrary code on the operating system of 54..
Read more

Intel Warns of Serious Processor Flaws

Intel has released firmware updates for many of its processors to fix eight high-risk flaws that can put systems at risk of complete compromise. The flaws are located in low-level technologies found in the Intel Management Engine (ME), the Intel Trusted Execution Engine (TXE) and the Intel Server Platform Services (SPS). By exploiting the vulnerabilities,..
Read more

Capital One Debuts Beta of Critical Stack Container Orchestration Platform

Critical Stack, a division of Capital One, rolled out a beta program for its containerization management software and at least 41 Fortune 500 enterprises have signed up to take part. An application container orchestration platform, Critical Stack is designed to help enterprises manage secure containerized infrastructure at scale in the cloud. Capital One became the first..
Read more

Insecure Storage Buckets Expose 1.8 Billion Online Posts Scraped for U.S. Military

A Pentagon contractor left three storage buckets publicly accessible on Amazon’s S3 service, exposing more than 1.8 billion online posts collected since 2009. The messages, posted by people from around the world, were likely collected as part of an intelligence-gathering operation for the U.S. military. The breach was discovered by researchers from UpGuard, a company..
Read more

Oracle Patches Critical Vulnerabilities in PeopleSoft Applications

Oracle has released out-of-band security patches for a component used by multiple ERP applications from its PeopleSoft suite. The updates fix five vulnerabilities, including two critical ones that can be exploited to access data from or completely compromise those systems. The vulnerabilities are located in the Jolt protocol implementation within Oracle Tuxedo, an application server..
Read more

More Than 120 Malware Detections Triggered on NSA Employee’s Computer

Kaspersky Lab has concluded an internal investigation into an incident that led to the company being accused of using its antivirus program to copy secret files from the personal computer of an NSA employee. The company believes it has identified the incident in its logs, but telemetry data revealed more than 120 malware detections on..
Read more

Adobe Releases Critical Security Patches for 9 Products

Adobe Systems has released security patches for nine of its products to fix 86 vulnerabilities, the majority of which are rated as critical and important. In addition to Flash Player, Reader and Acrobat, which are the usual recipients of Adobe’s security patches, the company has updated Photoshop CC, Adobe Connect, Adobe DNG Converter, InDesign, Digital..
Read more

Quarantine Flaw in Antivirus Products Allows Privilege Escalation

The malware quarantine feature in several antivirus products could have been abused by local attackers to gain administrative privileges on computers. The issue, dubbed AVGater, was discovered by Florian Bogner, a researcher with security firm Kapsch. It exploits a user’s ability to restore suspicious files that antivirus programs have moved to quarantine. Bogner found a..
Read more

Fancy Bear Adopts New DDE Attack Against Microsoft Office

Russian cyberespionage group Fancy Bear is using a recently publicized technique that abuses a legitimate Microsoft Office feature to create documents that can install malware. For the past several years the most common method of embedding malicious code in Microsoft Office documents has been through macros, scripts that automate tasks in Office programs. In response,..
Read more

Sowbug Cyberespionage Group Hits South America, South Asia

Security researchers have identified a cyberespionage group that has been stealing data from policy and diplomatic organizations in South America and South Asia since at least 2015. “While cyberespionage attacks are often seen against targets in the U.S., Europe, and Asia, it is much less common to see South American countries targeted,” researchers from Symantec..
Read more
Page 1 of 612345...Last »