LastPass Leaking Passwords is not new, last week its Firefox extension was picked apart – now this week it’s Chrome extension is giving up its goodies. I’ve always found LastPass a bit suspect, even though they are super easy to use, and have a nice UI they’ve had TOO many serious security issues for a […]
So Malwarebytes bug bounty program is live, the official name is actually Malwarebytes Coordinated Vulnerability Disclosure Program – what a mouthful (guidelines here). It’s good to see, bug bounty programs typically tend to have a nett positive effect and end in win-win situations for researchers and software vendors alike. In an effort to encourage researchers […]
So FireEye doesn’t have a particularly good reputation in the security community, it’s generally not handled responsible disclosure well and it’s even taken a security firm (ERNW) to court over a vulnerability disclosure. And now there’s another critical remote root zero-day in FireEye appliances – which is scary, as these are high end devices protecting […]
So the other big news this week apart from the AT&T iPad/iPhone 4 screw-up is that a recently announced critical vulnerability in Windows XP is being exploited in the wild. It was disclosed fairly recently and is a vulnerability in the Windows XP help system disclosed by Tavis Ormandy, a Google researcher who has appeared […]
Tags: full-disclosure, google, hacking xp, hacking-windows-XP, microsoft, microsoft patch tuesday, microsoft security, out of bound patch, patch-tuesday, remote code execution, responsible disclosure, tavis ormandy, vulnerability disclosure, windows xp exploit, windows xp security, windows xp vulnerability, Windows-XP, xp hacking, xp security
Posted in: Exploits/Vulnerabilities, Windows Hacking | Add a CommentAfter informing a researcher just a few days ago that “they do not consider this vulnerability to be of high enough priority to break their quarterly patch cycle” they have made a 180 turn on the issue and pushed out an emergency patch to mitigate against the Serious Java Bug That Exposes Users To Code […]
Tags: critical java bug, critical java exploit, critical java vulnerability, fireeye, google employee, hacking java, java, java bug, java code execution, java emergency patch, java exploit, java patch, java virtual machine, java vm, java vulnerability, JAVA-security, jvm, marc maiffret, oracle java, oracle's sun, sun java, tavis ormandy
Posted in: Countermeasures, Exploits/Vulnerabilities, Programming | Add a CommentOnce again a different attack vector, seems to the creative season for discovering bugs. I guess it’s partially due to the fact this time of year tends to be pretty quiet business wise so researchers have plenty of downtime to look at nifty ways to break things. This might be a tough one to solve […]
Tags: critical java bug, critical java exploit, critical java vulnerability, fireeye, google employee, hacking java, java, java bug, java code execution, java exploit, java virtual machine, java vm, java vulnerability, JAVA-security, jvm, marc maiffret, oracle's sun, sun java, tavis ormandy
Posted in: Exploits/Vulnerabilities, Programming, Web Hacking | Add a Comment
