Tag: vulnerability

Microsoft patches actively exploited Windows kernel flaw

February 11, 2021

This month’s relatively humble bundle of security updates fixes 56 vulnerabilities, including a zero-day bug and 11 flaws rated as critical. Yesterday was the second Tuesday of the month, which means that Microsoft is rolling out patches for security vulnerabilities found in Windows and its other products. This year’s second batch of security updates brings … More Microsoft patches actively exploited Windows kernel flaw

Google: Better patching could have prevented 1 in 4 zero‑days last year

February 9, 2021

Vendors should fix the root cause of a vulnerability, rather than block just one path to triggering it, says Google. Google’s Project Zero team revealed that a quarter of zero-day exploits detected in 2020 could have been prevented had the vendors issued proper patches for the underlying security flaws. In its Year in Review bloggpost, the … More Google: Better patching could have prevented 1 in 4 zero‑days last year

DNSpooq bugs expose millions of devices to DNS cache poisoning

January 21, 2021

Security flaws in a widely used DNS software package could allow attackers to send users to malicious websites or to remotely hijack their devices. Millions of devices could be vulnerable to Domain Name System (DNS) cache poisoning and remote code execution attacks due to seven security flaws in dnsmasq, DNS forwarding and caching software commonly found in smartphones, … More DNSpooq bugs expose millions of devices to DNS cache poisoning

Bumble bugs could have exposed personal data of all users

November 19, 2020

The information at risk of theft due to API flaws included people’s pictures, locations, dating preferences and Facebook data. Security vulnerabilities in Bumble, one of today’s most popular dating apps, could have exposed the personal information of its entire, almost 100 million-strong user-base. The bugs – which affected Bumble’s application programming interface (API) and stemmed … More Bumble bugs could have exposed personal data of all users

Google squashes two more Chrome bugs under active attacks

November 5, 2020

The updates come on the heels of news of attacks exploiting another zero-day in Chrome in tandem with a previously-unknown Windows flaw. Two weeks after patching an actively-exploited vulnerability affecting Chrome for desktop, Google is squashing another zero-day bug in the browser’s version for Windows, macOS, and Linux, as well as pushing out an update for Chrome … More Google squashes two more Chrome bugs under active attacks