Security Alerts & News
by Tymoteusz A. Góral

#1907 Widely used WebEx plugin for Chrome will execute attack code—patch now!
The Chrome browser extension for Cisco Systems' WebEx communications and collaboration service was just updated to fix a vulnerability that leaves all 20 million users susceptible to drive-by attacks that can be carried out by just about any website they visit.

A combination of factors makes the vulnerability one of the most severe in recent memory. First, WebEx is largely used in enterprise environments, which typically have the most to lose. Second, once a vulnerable user visits a site, it's trivial for anyone who controls that site to execute malicious code with little sign anything is amiss. The vulnerability and the resulting patch were disclosed in a blog post published Monday by Tavis Ormandy, a researcher with Google's Project Zero security disclosure service.

Martijn Grooten, a security researcher for Virus Bulletin, told Ars:

"If someone with malicious intentions (Tavis, as per Google's policy, disclosed this responsibly) had discovered this, it could have been a goldmine for exploit kits. Not only is 20 million users a large enough number to make it worthwhile in opportunistic attacks, I assume people running WebEx are more likely to be corporate users. Imagine combining this with ransomware!"
#1913 Firefox 51 arrives with warning for HTTP websites that collect passwords, WebGL 2 and FLAC support
#1912 Don't use Android pattern lock to protect secrets, researchers warn
#1911 Cisco patches critical flaw in WebEx Chrome plugin
#1910 Online security 101: Tips for protecting your privacy from hackers and spies
#1909 Apple patches critical kernel vulnerabilities
#1908 Virulent Android malware returns, gets >2 million downloads on Google Play