Zero-Day Flash Exploit Targeting Middle East

Adobe patched the Flash Player vulnerability (CVE-2018-5002) earlier on Thursday.

Adobe Patches Critical Flash Player Bug With Active Exploit

A critical Adobe flaw is being exploited in targeted attacks against Windows users.

Zip Slip Flaw Affects Thousands of Open-Source Projects

An exploit allows attackers to remotely overwrite archive files with their own content, and from there pivot to achieving remote command execution on the machine.

VPNFilter Malware Impact Larger Than Previously Thought

Researchers said they now believe the malware has infected twice the number of router brands than previously stated and that the malware packs a much deadlier punch.

Google Patches 11 Critical Android Bugs in June Update

Remote code execution vulnerabilities dominate this month’s critical Android patches.

Drupalgeddon 2.0 Still Haunting 115K+ Sites

More than 115,000 sites are still vulnerable to a highly critical Drupal bug – even though a patch was released three months ago.

WARDroid Uncovers Mobile Threats to Millions of Users Worldwide

An analysis of 10,000 mobile apps has found that a significant portion of them are open to web API hijacking – thanks to inconsistencies between app and server logic in web APIs.

Facebook Defends Against Device-Integrated APIs Policy, But Concerns Remain

Facebook is again in hot water after an article alleged it struck deals with device-makers to access users’ data.

SB18-155: Vulnerability Summary for the Week of May 28, 2018

Original release date: June 04, 2018 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Read More »

Browser Side-Channel Flaw De-Anonymizes Facebook Data

An attacker can pick up the profile picture, username and the “likes” of unsuspecting visitors who find themselves landing on a malicious website.