The unpatched flaw would allow a bad actor to execute information-exfiltrating malware, backdoors, ransomware or any other kind of bad code he or she chose.
Link: https://threatpost.com/philips-vulnerability-exposes-sensitive-cardiac-patient-information/136669/
The issue impacts several content management systems, including Typo3 and WordPress, as well as widely-used PDF generation library TCPDF.
An analysis of the world’s most-visited websites shows that vulnerable software, too much active content and large amounts of code execution open visitors to a raft of potential dangers.
Link: https://threatpost.com/threatlist-almost-half-of-the-worlds-top-websites-deemed-risky/136636/
The Cosmos Bank incident is only the latest, not the last, thanks to lagging security practices.
Link: https://threatpost.com/atm-heists-only-set-to-accelerate-after-13m-break-in/136629/
The program focuses on potential abuse methods across Google’s product-specific channels like Google+, Youtube, Gmail and Blogger.
Link: https://threatpost.com/google-expands-bug-bounty-program-to-battle-abuse-methods/136590/
The method could be used to deduce the age, sex, likes or the location history of a user – essentially, the attacker can play “20 questions” to profile the victim.
Link: https://threatpost.com/google-chrome-bug-opens-access-to-private-facebook-information/136573/
Microsoft rolled out 60 patches for its Patch Tuesday release, impacting 19 critical flaws and 39 important flaws.
Link: https://threatpost.com/patch-tuesday-microsoft-addresses-two-zero-days-in-60-flaw-roundup/135103/
Three new vulnerabilities in Intel processors can be exploited to steal sensitive information stored inside personal computers or personal clouds.
Link: https://threatpost.com/intel-cpus-afflicted-with-fresh-speculative-execution-flaws/135096/
This is similar to taking a room key for a building and turning it into a skeleton key that works on every door in the building.
Link: https://threatpost.com/microsoft-flaw-allows-full-multi-factor-authentication-bypass/135086/
The attack targets IKE’s handshake implementation used for IPsec-based VPN connections, opening the door for MiTM attacks or for bad actors to access data carried in VPN sessions.
