August 12, Securityweek – (International) Firefox 40 patches vulnerabilities, expands malware protection. Mozilla released version 40 of its Firefox web browser, patching about 20 issues and listing four critical advisories, including buffer overflow, integer overflow, use-after-free, and memory safety vulnerabilities that can result in exploitable crashes, among others.
August 12, The Register – (International) Blacklists miss 90% of malware blogged IP love. Recorded Future released a report revealing that over 90 percent of 1,521 recorded malicious Internet Protocol (IP) addresses linked to 2 pieces of malware, and of 67,563 addresses associated with a malicious executable, are not identified by current popular Web blacklists, among other findings.
August 12, Securityweek – (International) Microsoft, Adobe patch dozens of security vulnerabilities. Microsoft released 14 security bulletins addressing about 60 vulnerabilities affecting Windows, Internet Explorer, .NET, Office, Lync, Silverlight, and its Edge Web browser, including a privilege escalation vulnerability affecting Windows’ Mount Manager that could be leveraged via a Universal Serial Bus (USB) device, and a memory corruption flaw in Office. In a separate release, Adobe addressed 35 use-after-free, integer overflow, buffer overflow, and type confusion vulnerabilities in its Flash Player that could be exploited for arbitrary code execution.
August 11, Securityweek – (International) OpenSSH 7.0 fixes authentication vulnerability, other security bugs. The OpenBSD Project released version 7.0 of its Secure Shell (SSH) OpenSSH project addressing four vulnerabilities, including a keyboard-interactive authentication mechanism flaw that exposed servers to brute-force attacks, a use-after-free flaw that could allow for arbitrary code execution, and two vulnerabilities in the portable version of OpenSSH.
August 12, IDG News Service – (International) How texting a Corvette could stop it in its tracks. Researchers from the University of California revealed that security vulnerabilities in telematics control units (TCU) could be leveraged to hack into a vehicle’s Controller Area Network (CAN) bus. In a demonstration, they used a text message to remotely cause a vehicle to brake and to activate its windshield wipers.