Microsoft Outlook for Android Open to XSS Attacks
A spoofing bug (CVE-2019-1105) can open the door to an email attack chain.
Jessica spends 12 hours a day on the internet managing security for web assets and loves her macha tea
MobOk Malware Hides in Photo Editors on Google Play, Siphons Cash
Pink Camera apps secretly signed users up for premium subscription services.
Jessica spends 12 hours a day on the internet managing security for web assets and loves her macha tea
OpenSSH Now Encrypts Secret Keys in Memory Against Side-Channel Attacks
In recent years, several groups of cybersecurity researchers have disclosed dozens of memory side-channel vulnerabilities in modern processors and DRAMs, like Rowhammer, RAMBleed, Spectre, and Meltdown. Have you ever noticed they all had at least one thing in common? That’s OpenSSH. As a proof-of-concept, many researchers demonstrated their side-channel attacks against OpenSSH application installed on…
PoC Released for Outlook Flaw that Microsoft Patched 6 Month After Discovery
As we reported two days ago, Microsoft this week released an updated version of its Outlook app for Android that patches a severe remote code execution vulnerability (CVE-2019-1105) that impacted over 100 million users. However, at that time, very few details of the flaw were available in the advisory, which just revealed that the earlier…
Security Flaw in Pre-Installed Dell Support Software Affects Million of Computers
Dell’s SupportAssist utility that comes pre-installed on millions of Dell laptops and PCs contains a security vulnerability that could allow malicious software or rogue logged-in users to escalate their privileges to administrator-level and access sensitive information. Discovered by security researchers at SafeBreach Labs, the vulnerability, identified as CVE-2019-12280, is a privilege-escalation issue and affects Dell’s…
Beware! Playing Untrusted Videos On VLC Player Could Hack Your Computer
If you use VLC media player on your computer and haven’t updated it recently, don’t you even dare to play any untrusted, randomly downloaded video file on it. Doing so could allow hackers to remotely take full control over your computer system. That’s because VLC media player software versions prior to 3.0.7 contain two high-risk…
This Cryptomining Malware Launches Linux VMs On Windows and macOS
Cybersecurity researchers from at least two firms today unveiled details of a new strain of malware that targets Windows and macOS systems with a Linux-based cryptocurrency mining malware. It may sound strange, but it’s true. Dubbed “LoudMiner” and also “Bird Miner,” the attack leverages command-line based virtualization software on targeted systems to silently boot an…
Firefox 67.0.4 Released — Mozilla Patches Second 0-Day Flaw This Week
Okay, folks, it’s time to update your Firefox web browser once again—yes, for the second time this week. After patching a critical actively-exploited vulnerability in Firefox 67.0.3 earlier this week, Mozilla is now warning millions of its users about a second zero-day vulnerability that attackers have been found exploiting in the wild. The newly patched…
Match, Tinder Swipe Right For Privacy Red Flags, Say Experts
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter. Source link Jessica VenkatJessica spends 12 hours a day…
Important Flaw in Outlook App for Android Affects Over 100 Millions Users
Microsoft today released an updated version of its “Outlook for Android” that patches an important security vulnerability in the popular email app that is currently being used over 100 million users. According to an advisory, Outlook app with versions before 3.0.88 for Android contains a stored cross-site scripting vulnerability (CVE-2019-1105) in the way the app…
