Apple putties Krack in macOS, iOS

Credit to Author: Gregg Keizer| Date: Tue, 31 Oct 2017 17:06:00 -0700

Apple on Tuesday patched both macOS and iOS against serious vulnerabilities in the Wi-Fi Protected Access II (WPA2) protocol used to secure wireless networks.

Information about the flaws, dubbed “Krack” by their Belgian discoverer, made news earlier in the month when security researcher Mathy Vanhoef announced weaknesses in WPA2 that could allow criminals to read information transmitted over a Wi-Fi network thought to be encrypted.

Krack, said Vanhoef, stood for “Key Reinstallation Attacks.”

The macOS 10.13.1 and iOS 11.1 updates addressed the Krack vulnerabilities, as well as a slew of others. The Mac update fixed a whopping 148 flaws, while the iPhone and iPad update quashed 20 bugs. The bulk of the macOS patches – 90 of the total – plugged holes in “tcpdump,” an open-source network packet analyzer that’s baked into the operating system.

To read this article in full or to leave a comment, please click here

Read more

SSD Advisory – GraphicsMagick Multiple Vulnerabilities

Credit to Author: SSD / Maor Schwartz| Date: Tue, 31 Oct 2017 17:25:29 +0000

Vulnerabilities summary The following advisory describes two (2) vulnerabilities found in GraphicsMagick. GraphicsMagick is “The swiss army knife of image processing. Comprised of 267K physical lines (according to David A. Wheeler’s SLOCCount) of source code in the base package (or 1,225K including 3rd party libraries) it provides a robust and efficient collection of tools and … Continue reading SSD Advisory – GraphicsMagick Multiple Vulnerabilities

Read more

Analyzing malware by API calls

Credit to Author: Pieter Arntz| Date: Tue, 31 Oct 2017 18:59:11 +0000

As an alternative to reverse engineering malware that is protectively packed, we look at the option of analyzing malware by API calls to determine what a file might be up to.



(Read more…)

The post Analyzing malware by API calls appeared first on Malwarebytes Labs.

Read more