What you need to know for Patch Tuesday, August 2018

Credit to Author: Andrew ODonnell| Date: Fri, 17 Aug 2018 19:16:44 +0000

With 23 critical vulnerabilities addressed in patches from Microsoft and Adobe, August is turning out to be a good month for updates — but don’t delay installing them.<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/_Fw-RIvgU1s” height=”1″ width=”1″ alt=””/>

Read more

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 25, 2018

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 29 Jun 2018 14:18:45 +0000

I have never reverse engineered anything, but I did dismantle a Betamax VCR and put it back together without an instruction manual. My little brother liked to use the tape slot as a garage for his Hot Wheels® toy cars. We were usually able to take out the cars without any issues, but one day,…

The post TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 25, 2018 appeared first on .

Read more

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 18, 2018

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 22 Jun 2018 13:51:39 +0000

As I pull together the list of zero-day filters for this blog, I see all types of vulnerabilities from various vendors. My interest is always piqued when I see a vulnerability affecting a security company. The Zero Day Initiative’s (ZDI) interest was also piqued when the researcher Pagefault submitted a Bitdefender vulnerability to the ZDI…

The post TippingPoint Threat Intelligence and Zero-Day Coverage – Week of June 18, 2018 appeared first on .

Read more

CVE-2018-5002 – Adobe Flash Player Stack Buffer Overflow Vulnerability Alert!

Credit to Author: Sameer Patil| Date: Fri, 08 Jun 2018 09:59:53 +0000

The recent zero-day vulnerability CVE-2018-5002 in Adobe Flash Player enables attackers to perform a Remote Code Execution on targeted machines. Adobe has released a security advisory APSB18-19 on June 7, 2018 to address this issue. According to Adobe, the in-wild exploit is being used in limited, targeted attacks and it…

Read more

TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 28, 2018

Credit to Author: Elisa Lippincott (TippingPoint Global Product Marketing)| Date: Fri, 01 Jun 2018 14:08:40 +0000

I ended up at an urgent care clinic earlier this week and found out I have strep throat. The doctor who examined me asked me what medicine I had taken prior to my visit to help alleviate my throat pain, to which I replied, “I took a multi-symptom liquid medicine because the pain was keeping…

The post TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 28, 2018 appeared first on .

Read more

CVE-2018-4990 – Adobe Reader Double Free (Zero Day) vulnerability alert!

Credit to Author: Prashant Kadam| Date: Wed, 16 May 2018 13:10:48 +0000

The recent zero-day vulnerability CVE-2018-4990 in Adobe Reader enables attackers to perform a Remote Code Execution on targeted machines. Adobe has released a security advisory APSB18-09 on May 14, 2018 to address this issue. According to Adobe, the in-wild attack is targeted and it impacts limited Windows users. Vulnerable versions…

Read more

Adobe Reader zero-day discovered alongside Windows vulnerability

Credit to Author: Jérôme Segura| Date: Tue, 15 May 2018 18:44:14 +0000

A new Adobe Reader zero-day exploit has been discovered, including a full sandbox escape.

Categories:

Tags:

(Read more…)

The post Adobe Reader zero-day discovered alongside Windows vulnerability appeared first on Malwarebytes Labs.

Read more

Microsoft Patch Tuesday, May 2018 Edition

Credit to Author: BrianKrebs| Date: Tue, 08 May 2018 20:38:16 +0000

Microsoft today released a bundle of security updates to fix at least 67 holes in its various Windows operating systems and related software, including one dangerous flaw that Microsoft warns is actively being exploited. Meanwhile, as it usually does on Microsoft’s Patch Tuesday — the second Tuesday of each month — Adobe has a new Flash Player update that addresses a single but critical security weakness. First, the Flash Tuesday update, which brings Flash Player to v. 29.0.0.171. Some (present company included) would argue that Flash Player is in itself “a single but critical security weakness.” Nevertheless, Google Chrome and Internet Explorer/Edge ship with their own versions of Flash, which get updated automatically when new versions of these browsers are made available.

Read more

A massive security flaw discovered in Skype. Fix not coming anytime soon.

Credit to Author: Shriram Munde| Date: Wed, 14 Feb 2018 09:10:30 +0000

Quick Heal Security Labs has recently learned about a serious vulnerability in Skype’s update installer – that’s the bad news. The worse news is, Microsoft is not going to patch the vulnerability anytime soon as this would require the updater to go through a ‘large code revision’. What is this…

Read more

Vulnerabilities found in Broadcom Wi-Fi adapter of Lenovo laptop chipsets

Credit to Author: Shriram Munde| Date: Tue, 13 Feb 2018 12:07:22 +0000

Vulnerabilities found in Broadcom Wi-Fi adapter of Lenovo laptop chipsets Lenovo recently released an advisory, warning customers about two critical Broadcom vulnerabilities which impact 25 models of its popular ThinkPad lineup. The Broadcom Wi-Fi chipsets used by Lenovo ThinkPad devices are affected by the CVE-2017-11120 & CVE-2017-11121 vulnerabilities. Both these issues…

Read more

An analysis of an MS office document exploiting a zero-day flash player vulnerability (CVE-2018-4878)

Credit to Author: Quick Heal Security Labs| Date: Wed, 07 Feb 2018 13:59:42 +0000

Important update! Adobe Systems released a critical security update on 6.02.2017 to fix the vulnerability discussed in this post. We recommend you to apply the update immediately. Summary of the vulnerability CVE-2018-4878 is a use-after-free vulnerability present in Adobe Flash Player 28.0.0.137 and its earlier versions are being exploited in…

Read more