Security Intelligence (blog) |
Risk Reduction: Zeroing In on the Zero–Day Vulnerability
Security Intelligence (blog) All it takes is one zero–day vulnerability to ruin the release of software that is otherwise secure or put devices at risk after a critical update. Despite a growing focus on defeating zero-days, they remain popular among cybercriminals. As noted by SC … |
Anyone who uses the popular Cisco WebEx extension for Chrome should update to the latest version pronto. Google security researcher Tavis Ormandy recently discovered a serious vulnerability in the Chrome extension that leaves PCs wide open to attack.
In older versions of the extension (before version 1.0.3) malicious actors could add a “magic string” to a web address or file hosted on a website. The magic string was designed to remotely activate the WebEx browser extension. Once the extension was activated the bad guys could execute malicious code on the target machine.
To read this article in full or to leave a comment, please click here
|
Google shuts off Chrome Sync API for third-party browsers on Android, citing a security vulnerability
Android Police If you aren't familiar, Chrome has two versions: the open-source Chromium project, and Google's proprietary Chrome builds with added functionality (like a built-in Flash player). Numerous browsers on Android are based on Chromium, including the popular … |
A security issue could allow Facebook and other parties to intercept and read the messages you send via WhatsApp.
David Bisson reports.