Security Alerts & News
by Tymoteusz A. Góral

History
#1911 Cisco patches critical flaw in WebEx Chrome plugin
A vulnerability in the Cisco WebEx Chrome Plugin, used by tens of millions for web conferencing in business environments, exposed computers to remote code execution.

Cisco has patched the flaw, details of which were disclosed Monday by Google Project Zero researcher Tavis Ormandy, who has made a number of high-profile discoveries and disclosures in popular enterprise and security software.

The core issue is what Ormandy calls a “magic URL” used by the extension during WebEx sessions. The researcher said attacks could be carried out so long as a URL request contains the string cwcsf-nativemsg-iframe-43c85c0d-d633-af5e-c056-32dc7efc570b.html; attackers could use this in an iframe, leaving users unaware of an active exploit.
Read more
#1913 Firefox 51 arrives with warning for HTTP websites that collect passwords, WebGL 2 and FLAC support
#1912 Don't use Android pattern lock to protect secrets, researchers warn
#1911 Cisco patches critical flaw in WebEx Chrome plugin
#1910 Online security 101: Tips for protecting your privacy from hackers and spies
#1909 Apple patches critical kernel vulnerabilities
#1908 Virulent Android malware returns, gets >2 million downloads on Google Play
#1907 Widely used WebEx plugin for Chrome will execute attack code—patch now!
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12