Security Alerts & News
by Tymoteusz A. Góral

History
#995 Patched libarchive vulnerabilities have big reach
The libarchive programming library was recently patched against three critical memory-related vulnerabilities that could be abused to execute code on computers running the vulnerable software.

As is the case with most open source software packages, patching the core library is only half the battle; admins must now ensure that third-party software running the library is also fixed, and that’s not an easy task.

“When vulnerabilities are discovered in a piece of software such as libarchive, many third-party programs that rely on, and bundle libarchive are affected,” said Cisco Talos researcher Marcin Noga in a report published Tuesday. “These are what are known as common mode failures, which enable attackers to use a single attack to compromise many different programs/systems. Users are encouraged to patch all relevant programs as quickly as possible.”
Read more
#1007 Google launches Android programming course for absolute beginners
#1006 Apple’s official statement on why the iOS 10 kernel is not encrypted
#1005 WordPress security update patches two dozen flaws
#1004 Unpatched remote code execution flaw exists in Swagger
#1003 Let’s Encrypt celebrates big HTTPS milestone
#1002 Hackers would like to join your LinkedIn network - and you'd probably accept them
#1001 McAfee Labs: Threats Report (PDF)
#1000 ‘GODLESS’ mobile malware uses multiple exploits to root devices
#999 Firm pays $950,000 penalty for using WiFi signals to secretly track phone users
#998 Advantech patches WebAccess remote code execution flaws
#997 Ransomware a two-year nightmare in the making
#996 Nuclear, Angler exploit kit activity has disappeared
#995 Patched libarchive vulnerabilities have big reach
#994 154 million voter records exposed, revealing gun ownership, Facebook profiles, and more
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12