Security News

SAP Patches High-Risk Flaws in SAP POS, Host Agent (Threatpost)
2017-07-12 16:25

SAP fixed 23 vulnerabilities across roughly a dozen products on Tuesday, including a series of high-risk flaws in SAP POS and SAP Host Agent.

Vulnerabilities Expose Oracle OAM 10g to Remote Session Hijacking (Threatpost)
2017-07-12 12:18

Version 10g of Oracle Access Manager suffers from vulnerabilities that could allow an attacker to hijack sessions.

Telegram-Controlled Hacking Tool Targets SQL Injection at Scale (Threatpost)
2017-07-11 20:55

The Katyusha Scanner can find SQL injection bugs at scale, and is managed via the Telegram messenger on any smartphone.

Microsoft Patch Tuesday Update Fixes 19 Critical Vulnerabilities (Threatpost)
2017-07-11 20:36

Microsoft releases a total of 57 security patches, part of its July Patch Tuesday, with 20 rated critical.

Microsoft Addresses NTLM Bugs That Facilitate Credential Relay Attacks (Threatpost)
2017-07-11 17:43

Microsoft today addressed two NTLM-related vulnerabilities privately disclosed by Preempt Security. The flaws allow for credential relay attacks.

Adobe Fixes Six Vulnerabilities in Flash, Connect with July Update (Threatpost)
2017-07-11 16:33

Adobe only fixed six vulnerabilities in two products, making it the company's smallest security bulletin of the year.

Micro Market Vendor Warns of Bankcard And Biometric Data Breach (Threatpost)
2017-07-10 21:59

Avanti Markets notified customers of a possible breach of personal and payment card data as well as biometric user information that likely occurred July 4.

Telcos Singled Out for Prioritizing Government Requests for Data Over Privacy (Threatpost)
2017-07-10 20:30

The EFF's annual Who Has Your Back report singles out giant telecommunications providers for their prioritization of government requests for data over privacy.

Energy, Nuclear Targeted with Template Injection Attacks (Threatpost)
2017-07-10 18:34

Adversaries are using the SMB communications channel to launch template injection attacks against the energy sector, including nuclear facilities.

Google to Fully Distrust WoSign/StartCom SSL Certs in Chrome 61 (Threatpost)
2017-07-10 18:28

Google has put websites signed with WoSign/StartCom SSL certificates on notice that it will no longer trust certs from the Chinese CA starting in Chrome 61.