A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response

Credit to Author: Eric Avena| Date: Wed, 07 Aug 2019 23:50:25 +0000

Through a cross-company, cross-continent collaboration, we discovered a vulnerability, secured customers, and developed fix, all while learning important lessons that we can share with the industry.

The post A case study in industry collaboration: Poisoned RDP vulnerability disclosure and response appeared first on Microsoft Security.

Read more

Big password hole in iOS 13 beta spotted by testers

Credit to Author: John E Dunn| Date: Tue, 23 Jul 2019 10:18:52 +0000

A security clanger has been spotted in the current beta version of iOS 13 which allows anyone to access a user’s stored web and app passwords without having to authenticate.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/aZwDCfTPAro” height=”1″ width=”1″ alt=””/>

Read more

Your Android’s accelerometer could be used to eavesdrop on your calls

Credit to Author: Danny Bradbury| Date: Tue, 23 Jul 2019 10:13:08 +0000

Researchers have created an attack called Spearphone that uses the motion sensors in Android phones to listen to phone calls, interactions with your voice assistant, and more.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/XizfSFAizIQ” height=”1″ width=”1″ alt=””/>

Read more

CVE-2019-0888: Use-After-Free in Windows ActiveX Data Objects (ADO)

Credit to Author: SophosLabs Offensive Security| Date: Tue, 09 Jul 2019 14:00:58 +0000

Details of the vulnerability we reported to Microsoft and was fixed in last month’s Patch Tuesday<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/-BE2g_tELic” height=”1″ width=”1″ alt=””/>

Read more

Patch Tuesday squashes 89 bugs-including a SophosLabs find

Credit to Author: SophosLabs Offensive Security| Date: Tue, 11 Jun 2019 21:20:51 +0000

No bugs known to be exploited in the wild, but plenty of serious flaws that need updates<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/l4pze2u2S-k” height=”1″ width=”1″ alt=””/>

Read more

A week in security (June 3 – 9)

Credit to Author: Malwarebytes Labs| Date: Mon, 10 Jun 2019 17:30:58 +0000

A weekly roundup of security news from June 3–9, including Magecart, breaches, hyperlink auditing, Bluekeep, FTC, and facial recognition.

Categories:

Tags:

(Read more…)

The post A week in security (June 3 – 9) appeared first on Malwarebytes Labs.

Read more

CVE-2019-11815: Experts discovered a privilege escalation vulnerability in the Linux Kernel

Credit to Author: Ganesh Lakariya| Date: Mon, 27 May 2019 07:02:35 +0000

Red Hat engineers and experts discovered a memory corruption vulnerability in Linux kernel, which is basically a flaw while implementation of RDS (Remote desktop Protocol) over TCP. This flaw has affected Red Hat, Ubuntu, Debian and SUSE and security advisories have been issued for all. This flaw could enable an…

Read more

Microsoft pushes patch to prevent ‘WannaCry level’ vulnerability

Credit to Author: Malwarebytes Labs| Date: Wed, 15 May 2019 16:57:16 +0000

This month marks two years since the infamous WannaCry attack. Now a Remote Desktop Protocol (RDP) vulnerability has been discovered that could be used in a similar large-scale attack—though Microsoft has released a patch. Have you updated yet?

Categories:

Tags:

(Read more…)

The post Microsoft pushes patch to prevent ‘WannaCry level’ vulnerability appeared first on Malwarebytes Labs.

Read more

4 Lessons to be learned from the DOE’s DDoS attack

Credit to Author: Kayla Matthews| Date: Fri, 17 May 2019 15:59:32 +0000

The Department of Energy was subject to a DDoS attack that caused major disruptions in their operations. Is the smart grid ready for such an attack? Here are the lessons we can take away from the event.

Categories:

Tags:

(Read more…)

The post 4 Lessons to be learned from the DOE’s DDoS attack appeared first on Malwarebytes Labs.

Read more