unCAPTCHA AI Cracks Google reCAPTCHAs with 90% Accuracy

A proof-of-concept from the University of Maryland can defeat the audio challenges that are offered as an option for people with disabilities.

Skype Glitch Allowed Android Authentication Bypass

A glitch allowed hackers to access contacts, photos and more on Android devices – simply by answering a Skype call.

SB19-007: Vulnerability Summary for the Week of December 31, 2018

Original release date: January 07, 2019 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Read More »

CERT/CC Reports Critical Vulnerabilities in Microsoft Windows, Server

Original release date: January 04, 2019 The CERT Coordination Center (CERT/CC) has released information on vulnerabilities affecting versions of Microsoft Windows and Windows Server. A remote attacker could exploit these vulnerabilities to take control of an affected system. The National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), encourages users and administrators to review CERT/CC’s Vulnerability Notes VU#289907 and VU#531281 and Microsoft’s security advisories for CVE-2018-8611 and CVE-2018-8626 and apply the necessary updates. This …
Read More »

A Dozen Flaws in Popular Mac Clean-Up Software Allow Local Root Access

All of the vulnerabilities arise from improper input validations.

Adobe Fixes Two Critical Acrobat and Reader Flaws

An unscheduled patch fixed two critical flaws that could enable arbitrary code execution.

Dual Data Leaks of Blur, Town of Salem Impact Millions

Password-manager Blur and role-playing game Town of Salem both disclosed data breaches this week that impacted a combined 10 million.

EU Offers Bug Bounties For 14 Open Source Projects

As the bug bounty programs begin to roll out in January, security experts worry that the programs miss the mark on truly securing open source projects.

Chrome in Android Leaks Device Fingerprinting Info

Attackers could craft a campaign that makes use of the device profile in order to exploit any vulnerabilities in a targeted fashion.

Threatlist: Dark Web Markets See an Evolution in Q3

Vulnerabilities, stolen credentials and an evolution of marketplaces mark the Dark Web in Q3.