Security News

Multiple software products from Adobe, Apple, Google, Microsoft, Mozilla, and Samsung were successfully pwned with previously unseen exploits in Tianfu Cup 2020, the third edition of the international cybersecurity contest held in the city of Chengdu, China. "Many mature and hard targets have been pwned on this year's contest," the event organizers said.

In this episode: a zero-day bug in Chrome for Android, the imminent death of Adobe Flash, the evolution of "Malware-as-a-service", and the malware risks from image search. WHERE TO FIND THE PODCAST ONLINE. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher, Overcast and anywhere that good podcasts are found.

Patch Google Chrome with the latest updates - if you don't, you're vulnerable to a zero-day that is actively being exploited, the US Cybersecurity and Infrastructure Security Agency has warned. Criminals are targeting users of Chrome with outdated installations, CISA said in an advisory note urging folk to update their browsers immediately.

We advised everyone to look for a Chrome or Chromium version number ending in.111, given that the previous mainstream version turned out to include a buffer overflow bug that was already known to cybercriminals. The ultimate sort of crack - the gold-medal-with-a-laurel-wreath version - was one that came out with a zero-day delay, where the game and its revenue-busting crack appeared on the very same day.

For the third time in two weeks, Google has patched Chrome zero-day vulnerabilities that are being actively exploited in the wild: CVE-2020-16009 is present in the desktop version of the browser, CVE-2020-16010 in the mobile version. The former was found and reported by Clement Lecigne of Google's Threat Analysis Group and Samuel Groß of Google Project Zero, the latter by Maddie Stone, Mark Brand, and Sergei Glazunov of Google Project Zero.

The vulnerability is tied to Google's open source JavaScript and WebAssembly engine called V8. In its disclosure, the flaw is described as an "Inappropriate implementation in V8". Clement Lecigne of Google's Threat Analysis Group and Samuel Gross of Google Project Zero discovered the Chrome desktop bug on Oct. 29, according to a blog post announcing the fixes by Prudhvikumar Bommana of the Google Chrome team. "Today Chrome fixed two more vulnerabilities that were being actively exploited in the wild. CVE-2020-16009 is a v8 bug used for remote code execution, CVE-2020-16010 is a Chrome sandbox escape for Android," he wrote.

Google has released updates to address multiple vulnerabilities in the Chrome browser, including two that are actively exploited in attacks. Less than two weeks ago, Google released patches for other high-severity flaws in Chrome, including CVE-2020-15999, an actively exploited zero-day in FreeType.

Google has patched a second actively exploited zero-day flaw in the Chrome browser in two weeks, along with addressing nine other security vulnerabilities in its latest update. The zero-day flaw, tracked as CVE-2020-16009, was reported by Clement Lecigne of Google's Threat Analysis Group and Samuel Groß of Google Project Zero on October 29.

Google today released Chrome 86.0.4240.183 for Windows, Mac, and Linux to address 10 security vulnerabilities including a remote code execution zero-day exploited in the wild. Today, Google patched another zero-day in Chrome for Android exploited in the wild, a sandbox escape vulnerability tracked as CVE-2020-16010.

NetMarketShare announced on Sunday plans to shut down its public browser share reporting tool, which has been available for more than 14 years. According to Net Applications, the data provided by NetMarketShare is a primary source in "Tens of thousands of articles and publication".