Microsoft Releases Security Update for Flash Player Libraries

While most of this month’s security updates have been postponed to March 14, Microsoft has decided to release one bulletin to address the Flash Player vulnerabilities fixed by Adobe on Patch Tuesday. The critical bulletin, MS17-005, resolves 13 vulnerabilities in the Flash Player libraries used by Internet Explorer 10, Internet Explorer 11 and Edge.

Google Discloses Unpatched Windows GDI Vulnerability

An unpatched vulnerability affecting the Windows Graphics Device Interface (Windows GDI) was publicly disclosed last week after Microsoft failed to address it within 90 days after being notified. The issue was disclosed by Mateusz Jurczyk, an engineer with Google’s Project Zero team, who initially discovered it along with other bugs in the user-mode Windows GDI…

High Severity Flaw Patched in OpenSSL 1.1.0

A high severity denial-of-service (DoS) vulnerability was patched on Thursday in OpenSSL with the release of version 1.1.0e. The flaw, tracked as CVE-2017-3733, has been described as an “Encrypt-Then-Mac renegotiation crash.” The security hole, reported by Joe Orton of Red Hat on January 31, does not affect OpenSSL 1.0.2.

Over a Dozen Code Execution Flaws Patched in Flash Player

Adobe on Tuesday released security updates that address two dozen vulnerabilities in Flash Player, Digital Editions and the Campaigns marketing tool, but none of the flaws have been exploited in the wild. Flash Player 24.0.0.221 patches 13 critical vulnerabilities that can be exploited for arbitrary code execution, including type confusion, integer overflow, use-after-free, heap buffer…

Simulation Shows Threat of Ransomware Attacks on ICS

Researchers at the Georgia Institute of Technology have demonstrated the potential impact of ransomware on industrial control systems (ICS) by simulating an attack aimed at a water treatment plant. David Formby, a Ph.D. student in the Georgia Tech School of Electrical and Computer Engineering, and his faculty advisor, Raheem Beyah, identified several commonly used programmable…

Are companies doing enough on the IoT security front?

We continue to hear dire warnings about the inherent security risks of the Internet of Things (IoT), and indeed IoT-related incidents are happening. With many companies beginning to capture IoT data from connected devices, a key question is whether they are doing enough to ensure that data and networks are secure. If security executives thought they…

Google Paid Out $9 Million in Bug Bounties Since 2010

Google has awarded researchers more than $9 million since the launch of its bug bounty program in 2010, including over $3 million paid out last year. According to the company, more than 1,000 payments were made last year to roughly 350 researchers from 59 countries. The biggest single reward was $100,000 and over $130,000 were…

Why You’re Doing Cybersecurity Risk Measurement Wrong

Measuring risk isn’t as simple as some make it out to be, but there are best practices to help you embrace the complexity in a productive way. Here are five. Broadly speaking, cybersecurity is risk identification and risk mitigation in the cyber domain. Measuring risk quantitatively is good because it helps security teams measure their…

The 4 Top Barriers To Effective Incident Response

Responding to cyberattacks is straightforward in some ways, difficult in others. Here are four ways that the process can get tripped up. Cyberattacks are getting worse, growing in frequency and impact. This probably isn’t a surprising statement for anyone reading Dark Reading. Most organizations understand this and are taking measures to prevent and detect threats…

Facebook Awards $40,000 Bounty for ImageTragick Hack

A researcher claims to have received a $40,000 bounty from Facebook for finding a remote code execution vulnerability introduced by the ImageMagick image processing suite. The said ImageMagick flaw, tracked as CVE-2016-3714 and dubbed “ImageTragick,” was disclosed in May 2016. The security hole had already been exploited in the wild and security firms soon started…