Vulnerabilities & Exploits

Securezoo Cybersecurity Threat Center blog posts of new vulnerabilities and exploits.

Intel issues updated security guidance on Spectre/Meltdown

Intel yesterday updated a previously issued security advisory on the Spectre/Meltdown "speculative execution" vulnerabilities, which could cause information disclosure on systems running Intel processors.


Oracle Critical Patch Update Advisory for January 2018

Oracle has released its Critical Patch Update Advisory for January 2018. The update includes 237 new security fixes for multiple Oracle products, including fixes for the Spectre (CVE-2017-5753, CVE-2017-5715) and Meltdown (CVE-2017-5754) Intel processor vulnerabilities.


Apple releases new security updates to address Spectre

Apple released the macOS High Sierra 10.13.2 Supplemental Update, which includes security improvements to Safari and WebKit to mitigate the effects of the Spectre vulnerabilities (CVE-2017-5753 and CVE-2017-5715). Apple also provided a security update for Safari 11.0.2 for OS X El Capitan 10.11.6 and macOS Sierra 10.12.6, with fixes for the same Spectre vulnerabilities. The macOS High Sierra update will already upgrade Safari to version 11.0.2 (13604.4.7.1.6) or version 11.0.2


Meltdown and Spectre vulnerabilities

US-CERT issued a security update regarding the latest Intel processor design flaws. According to the vulnerability note, the CPU hardware implementations are vulnerable to side-channel attacks. The two vulnerabilities are referred to as Meltdown and Spectre. An excerpt from the advisory: “CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. These attacks are described in detail by Google Project


Trackmageddon exposes millions of GPS tracking devices

Vulnerabilities dubbed “Trackmageddon” were discovered in the online services of GPS location tracking devices. The vulnerabilities could allow third parties unauthorized access to the location data of all location tracking devices managed by a vulnerable online service. Other types of data impacted include serial number (i.e., IMEI), assigned phone number, model/type name and custom assigned names. The latter two
