May 28, Softpedia – (International) Apache Cordova glitch allows tampering with mobile app behavior. A security researcher at Trend Micro discovered a high-severity security flaw in Android apps built with Apache Cordova which could allow an attacker to use locally compromised apps or remote web servers to inject malicious intent bundles by taking advantage of default behavior preferences in the Cordova framework. Source
May 27, Softpedia – (International) Flash Player vulnerability exploited 2 weeks after Adobe’s patch release. Security researchers at FireEye discovered that cybercriminals are targeting outdated versions of Adobe’s Flash player with drive-by attacks that leverage a memory corruption vulnerability to deliver the Bedep trojan, which initiates click-fraud activities and an infection cycle that funnels in additional malware through redirects. Source
May 27, Threatpost – (International) Rockwell addresses weak password protections in its HMI software. Rockwell Automation patched a vulnerability in its RSView32 human machine interface (HMI) software in which an attacker with local access could exploit weak, outdated user-defined password encryption algorithms to reveal passwords and gain access to the automation environment. Source