Wednesday, December 13, 2017
           (757) 873-6707                     Monday - Friday, 9 am - 5:30pm
Debugging Tool Left on OnePlus Phones, Enables Root Access Phone maker OnePlus is being blasted for leaving a developer debugging app on its handsets allowing phones to be rooted by an attacker with physical access to the device.
Adobe Patches Flash Player, 56 Bugs in Reader and Acrobat Adobe released a monster update for Acrobat and Reader patching dozens of remote code execution vulnerabilities, along with a Flash Player update addressing a handful of critical flaws.
AutoIt Scripting Used By Overlay Malware to Bypass AV Detection IBM’s X-Force Research team reports hackers attacking Brazilian banks are using the Windows scripting tool called AutoIt to reduces the likelihood of antivirus software detection.
Microsoft Provides Guidance on Mitigating DDE Attacks Microsoft published guidance for Windows admins on how to safely disable Dynamic Data Exchange (DDE) fields in Office that are being used to spread malware in email-based attacks.

Latest News

19-Year-Old TLS Vulnerability Weakens Modern Website Crypto

New research shows how an old vulnerability called ROBOT can be exploited using an adaptive chosen-ciphertext attack to reveal the plaintext for a given TLS session.

Microsoft December Patch Tuesday Update Fixes 34 Bugs

Microsoft patched 34 vulnerabilities in all on Tuesday with most of the bugs impacting Microsoft Edge, Microsoft Office and Microsoft’s Scripting Engine.

New Spider Ransomware Comes With 96-Hour Deadline

A ransomware campaign targeting the Balkans comes with a 96-hour deadline and includes a link to a video that assures victims payments can be made easily.

Vulnerability Found in Two Keyless Entry Locks

Researchers are warning of a default-configuration vulnerability in the enterprise-class keyless entry products made by AMAG Technology.

Leftover Debugger Doubles as a Keylogger on Hundreds of HP Laptop Models

HP released an update that fixes debugger code that could allow an attacker to use a Synaptics Touchpad driver as a keylogger.

Android Flaw Allows Attackers to Poison Signed Apps with Malicious Code

An Android vulnerability called Janus allows attackers to inject malicious code into signed Android apps.

Apple Fixes Flaw Impacting HomeKit Devices

Apple said it has fixed an undisclosed vulnerability in its HomeKit framework that could have allowed unauthorized remote control of HomeKit devices such as smart locks and connected garage door openers.

Banking Apps Found Vulnerable to MITM Attacks

Using a free tool called Spinner, researchers identified certificate pinning vulnerabilities in mobile banking apps that left customers vulnerable to man-in-the-middle attacks.

Google Patches Critical Encryption Bug Impacting Pixel, Nexus Phones

As part of its December Android and Pixel/Nexus security updates, Google has issued patches addressing a bevy of flaws, 11 of which are rated critical.

TeamViewer Rushes Fix for Permissions Bug

TeamViewer says it has issued a hotfix to address a bug that allows users sharing a desktop session to gain control of the other’s computer without permission.