Microsoft has issued a security advisory for vulnerability CVE-2017-15361 that impacts certain Trusted Platform Module (TPM) chipsets. The company issued steps to detect and mitigate the issue on multiple Microsoft products.
Researchers at FireEye have spotted an uptick in active exploits of CVE-2017-11774, an Outlook security feature bypass vulnerability. Attackers are also actively reversing Outlook vulnerability patch functionality. To help protect against such exploits, FireEye has provided Outlook hardening guidelines.
Security researchers have discovered a dangerous Android vulnerability dubbed “StrandHogg” under active attack by dozens of malicious apps. To add, 500 of the most popular apps may also be vulnerable to the StrandHogg vulnerability.
The National Institute of Standards and Technology (NIST) has issued new Security-Focused Configuration Management of Information Systems guidelines (SP 800-128).
A new Windows trojan dubbed CStealer attempts to steal passwords from Chrome browser. The malware also uses a remote MongoDB server to store the stolen passwords.
Security experts from Kaspersky have discovered 37 vulnerabilities in four VNC implementations, some that have gone undetected since 1999.
A security researcher has published proof of concept (PoC) for exploit code of an Apache Solr remote code execution vulnerability CVE-2019-12409.
T-Mobile disclosed a data breach that impacts a small number of customers of its prepaid service.
The Internet Systems Consortium (ISC) has released a security update that fixes a vulnerability in multiple versions of ISC Berkeley Internet Name Domain (BIND).
Google has released a new security update for Chrome browser 78.0.3904.108 for Windows, Mac and Linux, as well as a Chrome OS update.