Unofficial patches have been released for two unfixed Oracle Java Runtime Environment (RE) vulnerabilities discovered by Google Project Zero researcher Mateusz Jurczyk. On February 18, Google Project Zero made public the details of four Java RE vulnerabilities caused by heap-based out-of-bounds read bugs. The security holes were discovered during fuzz testing aimed at the processing …
Microsoft is extending the protection capabilities of Windows Defender Application Guard with the release of browser extensions for Chrome and Firefox. The new extensions were designed to automatically redirect untrusted navigations to Windows Defender Application Guard for Microsoft Edge. The extensions check site URLs against a list of trusted domains (defined by enterprise admins) and …
Released in Beta 1 last week, the latest Android iteration (Android Q) arrived with new privacy protection improvements and other security enhancements. Building on previously introduced features such as file-based encryption, lockdown mode, encrypted backups, Google Play Protect, and more, Android Q brings more control over location access, improved transparency, and better data security (many …
Europol on Monday announced the adoption of a new protocol for how law enforcement authorities in the European Union and beyond will respond to major cross-border cyberattacks. The new EU Law Enforcement Emergency Response Protocol should prove useful in case of major attacks such as the ones involving WannaCry and NotPetya malware, which in 2017 …
Apple reported on Friday that the FaceTime spying bug that has been making headlines in the past days has been partially fixed, but users will have to wait until next week for a software update. According to Apple, a server-side patch has been implemented, but the application update that re-enables the Group FaceTime feature will …
Nearly half a million Ubiquity devices may be affected by a vulnerability that has already been exploited in the wild, security experts warned last week. Jim Troutman, consultant and director of the Northern New England Neutral Internet Exchange (NNENIX), revealed last week on Twitter that hackers had been remotely targeting Ubiquity networking devices exposed via …
Attackers recently started abusing the Constrained Application Protocol (CoAP) for the reflection/amplification of distributed denial of service (DDoS) attacks, NETSCOUT warns. CoAP is a simple UDP protocol designed for low-power computers on unreliable networks that appears similar to HTTP, but which operates over UDP (User Datagram Protocol) port 5683. The protocol is mainly used by …
A vulnerability in Skype for Android allows an unauthenticated attacker to view photos and contacts, and even open links in the browser, a security researcher has discovered. Found by Florian Kunushevci, a 19-year-old researcher from Kosovo, the vulnerability requires for the attacker to have physical access to the target device. Next, they would need to …
Dataresolution.net, a cloud hosting provider headquartered in San Juan Capistrano, CA and with data centers in Los Angeles CA, Reston VA, London UK, Hamilton Bermuda, and Canada, was infected with ransomware on Christmas Eve, 2018. It appears that the firm declined to pay any ransom, and is reconstituting the files manually and from backups. According …
A serious denial-of-service (DoS) vulnerability impacts several industrial automation products from Japanese electrical engineering and software company Yokogawa Electric. The flaw exists in the Open Communication Driver for Vnet/IP, a real-time plant network system for process automation. The problematic driver is present in several Yokogawa products, including CENTUM CS 3000 and CENTUM VP distributed control …