Description: Mozilla has released security updates to address multiple vulnerabilities in Firefox and Firefox ESR. The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page...
Read more
Description: Adobe has released security updates to address vulnerabilities in Adobe Flash Player, Acrobat, Reader, Experience Manager, and Digital Editions. Impact: An attacker who successfully exploited the vulnerability could take control of an affected system. Mitigation: Updates are available. Please check specific vendor advisory for more information. Reference URL’s: https://helpx.adobe.com/security/products/flash-player/apsb17-23.html...
Read more
Description: Microsoft releases security updates for August 17. This release consists of security updates for the following software: Internet Explorer Microsoft Edge Microsoft Windows Microsoft SharePoint Adobe Flash Player Microsoft SQL Server Impact: An attacker who successfully exploited the vulnerability could take control of an affected system. Mitigation: Updates are available....
Read more
The Department for Transport and the Centre for Protection of National Infrastructure (CPNI) created the recommendations so that organizations can use them to build safer, more secure cars as smart technology continues to evolve. Known collectively as “the key principles of vehicle cyber security for connected and automated vehicles,” the...
Read more
Throughout the years, banks have expanded their services by offering an ever-evolving set of online capabilities. As a result, financial institutions have become an obvious target for cybercrime and have been quick to deploy various layers of protection to keep their customers safe. Many cybercriminals operate like startup companies, consistently...
Read more
The developer of a very popular Google Chrome extension has regained access over his tool after an unknown hacker had managed to hijack his developer account and push a malicious version that contained adware. The extension’s name is Web Developer, a tool developed by Chris Pederick, Director of Engineering at...
Read more
Cerber ransomware has acquired the reputation of being one of the most rapidly evolving ransomware families to date. Just in May, we pointed out how it had gone through six separate versions with various differences in its routines. Several months later and it seems to have evolved again, this time...
Read more
On August 1, npm Inc. — the company that runs the biggest JavaScript package repository — removed 38 JavaScript npm packages that were caught stealing environment variables from infected projects. According to a subsequent investigation by npm’s team, on July 19, a person named HackTask uploaded 38 JavaScript libraries on...
Read more
Proofpoint researchers have uncovered that the threat actor commonly referred to as FIN7 has added a new JScript backdoor called Bateleur and updated macros to its toolkit. We have observed these new tools being used to target U.S.-based chain restaurants, although FIN7 has previously targeted hospitality organizations, retailers, merchant services,...
Read more
A team of three security researchers has found and disclosed two security flaws in the TCU (telematics control unit) components that ship with various luxury car models. TCUs are 2G modems that receive or send data from a car’s internal system and are used as an interface between the car...
Read more
