Security News

Office 365 Vulnerability Identified Bogus Microsoft.com Email as Valid (Threatpost)
2016-11-21 19:07

An email scam tricked Yandex email recipients into thinking phishing emails were certified legit and from the Microsoft.com domain.

Cryptsetup Vulnerability Grants Root Shell Access on Some Linux Systems (Threatpost)
2016-11-15 20:28

A vulnerability in cryptsetup, a utility used to set up encrypted filesystems on Linux distributions, could allow an attacker to retrieve a root rescue shell on some systems.

VMware Patches VM Escape Vulnerability (Threatpost)
2016-11-15 15:54

VMware patched a vulnerability in Workstation and Fusion that could allow an attacker to run code on a host machine.

Google Releases Supplemental Patch for Dirty Cow Vulnerability (Threatpost)
2016-11-08 18:38

Google’s November Android Security Bulletin patched 15 critical vulnerabilities, but only a supplemental patch for the Dirty Cow Linux vulnerability.

OAuth 2.0 Vulnerability Leads to Account Takeover (SecurityWeek)
2016-11-08 14:13

GitLab Patches Command Execution Vulnerability (Threatpost)
2016-11-03 18:50

Developers with GitLab fixed a critical vulnerability in the open source repository manager that could have allowed the theft of application files, tokens, or secrets.

Unpatched Vulnerability on Wix.com Puts Millions of Sites at Risk (Threatpost)
2016-11-02 21:36

Wix websites are vulnerable to reflective DOM cross-site scripting attack that could give attackers control of user’s websites.

Containers Can't Fence Dirty COW Vulnerability (SecurityWeek)
2016-11-02 17:12

Vulnerability Impacts Web-Exposed SAP Systems (SecurityWeek)
2016-11-01 17:27

Google Discloses Windows Zero-Day Vulnerability (SecurityWeek)
2016-11-01 08:42