LastPass Hacked – Leaking Passwords is not new, last week its Firefox extension was picked apart – now this week it’s Chrome extension is giving up its goodies. I’ve always found LastPass a bit suspect, even though they are super easy to use, and have a nice UI they’ve had TOO many serious security issues […]
So Malwarebytes bug bounty program is live, the official name is actually Malwarebytes Coordinated Vulnerability Disclosure Program – what a mouthful (guidelines here). It’s good to see, bug bounty programs typically tend to have a nett positive effect and end in win-win situations for researchers and software vendors alike. In an effort to encourage researchers […]
So FireEye doesn’t have a particularly good reputation in the security community, it’s generally not handled responsible disclosure well and it’s even taken a security firm (ERNW) to court over a vulnerability disclosure. And now there’s another critical remote root zero-day in FireEye appliances – which is scary, as these are high end devices protecting […]
So the other big news this week apart from the AT&T iPad/iPhone 4 screw-up is that a recently announced critical vulnerability in Windows XP is being exploited in the wild. It was disclosed fairly recently and is a vulnerability in the Windows XP help system disclosed by Tavis Ormandy, a Google researcher who has appeared […]
After informing a researcher just a few days ago that “they do not consider this vulnerability to be of high enough priority to break their quarterly patch cycle” they have made a 180 turn on the issue and pushed out an emergency patch to mitigate against the Serious Java Bug That Exposes Users To Code […]
Once again a different attack vector, seems to the creative season for discovering bugs. I guess it’s partially due to the fact this time of year tends to be pretty quiet business wise so researchers have plenty of downtime to look at nifty ways to break things. This might be a tough one to solve […]
