Microsoft Outlook for Android Open to XSS Attacks
A spoofing bug (CVE-2019-1105) can open the door to an email attack chain.
A spoofing bug (CVE-2019-1105) can open the door to an email attack chain.
Jessica spends 12 hours a day on the internet managing security for web assets and loves her macha tea
Pink Camera apps secretly signed users up for premium subscription services.
Jessica spends 12 hours a day on the internet managing security for web assets and loves her macha tea
In recent years, several groups of cybersecurity researchers have disclosed dozens of memory side-channel vulnerabilities in modern processors and DRAMs, like Rowhammer, RAMBleed, Spectre, and Meltdown. Have you ever noticed they all had at least one thing in common? That’s OpenSSH. As a proof-of-concept, many researchers demonstrated their side-channel attacks against OpenSSH application installed on…
As we reported two days ago, Microsoft this week released an updated version of its Outlook app for Android that patches a severe remote code execution vulnerability (CVE-2019-1105) that impacted over 100 million users. However, at that time, very few details of the flaw were available in the advisory, which just revealed that the earlier…
Dell’s SupportAssist utility that comes pre-installed on millions of Dell laptops and PCs contains a security vulnerability that could allow malicious software or rogue logged-in users to escalate their privileges to administrator-level and access sensitive information. Discovered by security researchers at SafeBreach Labs, the vulnerability, identified as CVE-2019-12280, is a privilege-escalation issue and affects Dell’s…
If you use VLC media player on your computer and haven’t updated it recently, don’t you even dare to play any untrusted, randomly downloaded video file on it. Doing so could allow hackers to remotely take full control over your computer system. That’s because VLC media player software versions prior to 3.0.7 contain two high-risk…
Cybersecurity researchers from at least two firms today unveiled details of a new strain of malware that targets Windows and macOS systems with a Linux-based cryptocurrency mining malware. It may sound strange, but it’s true. Dubbed “LoudMiner” and also “Bird Miner,” the attack leverages command-line based virtualization software on targeted systems to silently boot an…
Okay, folks, it’s time to update your Firefox web browser once again—yes, for the second time this week. After patching a critical actively-exploited vulnerability in Firefox 67.0.3 earlier this week, Mozilla is now warning millions of its users about a second zero-day vulnerability that attackers have been found exploiting in the wild. The newly patched…
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter. Source link Jessica VenkatJessica spends 12 hours a day…
Microsoft today released an updated version of its “Outlook for Android” that patches an important security vulnerability in the popular email app that is currently being used over 100 million users. According to an advisory, Outlook app with versions before 3.0.88 for Android contains a stored cross-site scripting vulnerability (CVE-2019-1105) in the way the app…