Duo Labs has found SAML protocol vulnerabilities that impact multiple vendor single sign-on (SSO) systems.
Trend Micro security researchers have spotted an Oracle vulnerability that is being abused to deliver dual Monero miner malware. The Oracle WebLogic WLS-WSAT vulnerability (CVE-2017-10271) allows remote code execution and was patched by Oracle back in October.
Apple is rushing to fix another 'Text Bomb' bug that crashes a number of iOS and Mac apps.
Security researchers from Trend Micro have spotted two vulnerabilities that are being exploited on popular CouchDB open source database management systems.
Microsoft issued February 2018 Security Updates that include more than 50 fixes, 14 of them critical. The updates address multiple Microsoft products, including Windows, Internet Explorer, Edge, Office, Office Services and Web Apps, ChakraCore and Adobe Flash.
Trend Micro researchers detected a new variant of Android Remote Access Tool (AndroRAT) that targets an older publicly disclosed vulnerability (CVE-2015-1805) that allows an attacker to compromise older Android devices to perform privilege escalation.
Lenovo warned its customers about two critical Broadcom WiFi vulnerabilities that affect 25 ThinkPad models. The firmware vulnerabilities impact Broadcom’s BCM4356 Wireless LAN Driver for Windows 10 and contain buffer overflow flaws.
Trend Micro researchers discovered attackers are exploiting a previously patched Windows vulnerability (CVE-2017-11882) by abusing the Windows Installer service, msiexec.exe, to deliver LokiBot malware.
Adobe has released security updates that fix critical vulnerabilities, including one zero-day, in its Flash Player for Windows, Macintosh, Linux and Chrome OS.
Researchers at Proofpoint have been tracking a massive distributed botnet dubbed Smominru, a Monero cryptocurrency miner, that spreads using the EternalBlue exploit (CVE-2017-0144).