Critical Vulnerabilities Found in LastPass Extensions
For the second time in a few months, LastPass had to address serious security flaws in its password manager browser extensions, this time in both Google Chrome and Mozilla Firefox. The two new vulnerabilities, one involving a website connector bug and the other being a Firefox based message hijacking bug, were discovered by Tavis Ormandy, […]
Critical Vulnerability Haunts Popular PHP Library
There’s a critical security vulnerability in the PHPMailer library, a flaw that could allow an attacker to execute arbitrary code. The bug can be exploited remotely and a researcher already has released proof-of-concept exploit code for it. The PHPMailer library is used in a large number of web applications and open source projects, including WordPress and […]
Pair of Bugs Can Disconnect Schneider HMI Gear From SCADA Networks
Researchers have discovered a pair of serious vulnerabilities in several ICS products made by Schneider Electric that can allow an attacker to freeze the control panel of vulnerable devices and force them to disconnect from a SCADA network. The vulnerabilities affect seven different Magelis products from Schneider, which are used for remote management and monitoring […]
OpenSSL Fixes Critical Bug Introduced in Patch Last Week
Four days after releasing a new version that fixed several security problems, the OpenSSL maintainers have rushed out another version that patches a vulnerability introduced in version 1.1.0a on Sept. 22. Last week, OpenSSL patched 14 security flaws in various versions of the software, which is the most widely used toolkit for implementing TLS. One of […]
ASN.1 Flaw Threatens Mobile Networks
UPDATED–Researchers have identified a serious flaw that could allow an attacker to compromise a number of different devices and networks, including telecommunications networks and mobile phones, as well as a number of other embedded devices. The vulnerability is in a specific compiler that’s used for software in several programming languages in a number of industries, including aviation, […]