SB18-162: Vulnerability Summary for the Week of June 4, 2018

Original release date: June 11, 2018

The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Lenovo Finally Patches Ancient BlueBorne Bugs in Tab and Yoga Tablets

Lenovo patches several popular tablet models to protect against BlueBorne vulnerabilities first identified in September 2017.

Zero-Day Flash Exploit Targeting Middle East

Adobe patched the Flash Player vulnerability (CVE-2018-5002) earlier on Thursday.

Adobe Patches Critical Flash Player Bug With Active Exploit

A critical Adobe flaw is being exploited in targeted attacks against Windows users.

Operation Prowli Profits On Weak IoT Devices, Servers

A new malicious campaign has compromised more than 40,000 machines globally to monetize via traffic hijacking and cryptomining.

Shipping Industry Cybersecurity: A Shipwreck Waiting to Happen

Pen Test Partners demonstrates how to send vessels off-course or even onto a path to collision — fairly easily.

Zip Slip Flaw Affects Thousands of Open-Source Projects

An exploit allows attackers to remotely overwrite archive files with their own content, and from there pivot to achieving remote command execution on the machine.

VPNFilter Malware Impact Larger Than Previously Thought

Researchers said they now believe the malware has infected twice as many router brands as previously stated and that the malware packs a much deadlier punch.

Google Patches 11 Critical Android Bugs in June Update

Remote code execution vulnerabilities dominate this month’s critical Android patches.

Drupalgeddon 2.0 Still Haunting 115K+ Sites

More than 115,000 sites are still vulnerable to a highly critical Drupal bug – even though a patch was released three months ago.