March 19, Softpedia – (International) Zero-days for Firefox, IE 11, Adobe’s Flash and Reader exploited at Pwn2Own 2015. At Hewlett Packard and Google Project Zero’s Pwn2Own hacking competition, security researchers leveraged multiple zero-day vulnerabilities to exploit 13 undisclosed bugs in Adobe’s Flash and Reader, Mozilla’s Firefox, and Microsoft’s Internet Explorer 11 and take control of compromised systems through various methods, which included heap overflow remote code execution, a cross-origin vulnerability, and a use-after-free (UAF) remote code execution, among others. Source
March 19, Softpedia – (International) OpenSSL’s undisclosed high-severity issue is far from FREAK, POODLE, or Heartbleed. OpenSSL released an update for its cryptographic library addressing one high-severity denial-of-service (DoS) vulnerability affecting version 1.0.2 that could allow a NULL pointer dereference to occur. The update also addressed a number of other moderate vulnerabilities affecting several OpenSSL versions, including segmentation faults and an issue with processing Base64-encoded data. Source
March 19, IDG News Service – (International) At least 700,000 routers given to customers by ISPs are vulnerable to hacking. A security researcher discovered that over 700,000 ADSL routers, mostly running firmware from the China-based Shenzhen Gongjin Electronics, which does business under the T&W trademark, and distributed to customers by internet service providers (ISPs) worldwide, contain directory traversal flaws in their firmware that could allow attackers to extract sensitive data and change router configuration settings. The researcher notified the firmware developer, affected device vendors, and the U.S. Computer Emergency Readiness Team (US-CERT). Source