White hat hacker discovered some Windows 10 versions come with a pre-installed version of Keeper Password Manager that exposes systems to passwords stealing. I was reading Tweets when I noticed the following post: I don't want to hear about how even a password manager with a trivial remote root that shares all your passwords with […]
The US President Donald Trump signed a bill that bans the use of Kaspersky Lab products and services in federal agencies. Section 1634 of the bill prohibits the use of security software and services provided by security giant Kaspersky Lab, the ban will start from October 1, 2018. Below the details of the ban included in the section […]
ROBOT ATTACK – Security experts have discovered a 19-year-old flaw in the TLS network security protocol that affects many software worldwide. The security researchers Hanno Böck and Juraj Somorovsky of Ruhr-UniversitĂ€t Bochum/Hackmanit, and Craig Young of Tripwire VERT, have discovered a 19-year-old vulnerability in the TLS network security protocol in the software several tech giants […]
Microsoft released Patch Tuesday updates for December 2017 that address more than 30 vulnerabilities, including 19 Critical browser issues. Microsoft has released its Patch Tuesday updates for December 2017 that address more than 30 vulnerabilities, including 19 critical flaws affecting the Internet Explorer and Edge web browsers. Microsoft addressed several memory corruption flaws that can be exploited […]
Adobe released the Patch Tuesday, this month it only addressed a moderate severity regression issue affecting Flash Player tracked as CVE-2017-11305. It was a poor Patch Tuesday this month for Adobe that only addressed a moderate severity regression issue affecting Flash Player tracked as CVE-2017-11305. The vulnerability was described as a âbusiness logic error,â that can cause the unintended reset of […]
Security expert discovered severe flaws in most popular programming languages that could expose to hack any secure application built on top of them. Last week, IOActive Senior Security Consultant Fernando Arnaboldi presented at the Black Hat Europe 2017 security conference the results of an interesting research about vulnerabilities in several popular interpreted programming languages. Arnaboldi […]
The National Institute of Standards and Technology (NIST) has published a second draft of a proposed update to the NIST Cybersecurity Framework. “On December 5, 2017 NIST published the second draft of the proposed update to the Framework for Improving Critical Infrastructure Cybersecurity (a.k.a., draft 2 of Cybersecurity Framework version 1.1).” states the NIST. “This second […]
A security researcher discovered that hundreds of notebook models contain a debugging code that could be abused by attackers as a keylogger component. Hundreds of notebook models contain a debugging code that could be abused by attackers as a keylogger component. The code was discovered by a security researcher that goes online with the moniker ZwClose, the list of affected models […]
Microsoft issued an emergency Windows Security Update to address a critical flaw, tracked as CVE-2017-11937, that affects the Malware Protection Engine. Microsoft issued an emergency Windows Security Update to address a critical vulnerability, tracked as CVE-2017-11937, that affects the Malware Protection Engine (MPE). The emergency fix comes a few days before Microsoft is scheduled to roll out […]
The OpenSSL Project released the OpenSSL 1.0.2n version that addresses two vulnerabilities discovered by the Google researcher David Benjamin. Benjamin discovered the vulnerabilities using the OSS-Fuzz fuzzing service. The first âmoderate severityâ issue, tracked as CVE-2017-3737, is related to an âerror stateâ mechanism implemented since OpenSSL 1.0.2b. “OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an “error state” […]