Select Page
Adobe Releases Critical Security Updates for Acrobat, Reader and Photoshop CC

Adobe Releases Critical Security Updates for Acrobat, Reader and Photoshop CC

Adobe has just released new versions of its Acrobat DC, Reader and Photoshop CC for Windows and macOS users that patch 48 vulnerabilities in its software.

A total of 47 vulnerabilities affect Adobe Acrobat and Reader applications, and one critical remote code execution flaw has been patched in Adobe Photoshop CC.

Out of 47, Adobe Acrobat and Reader affect with 24 critical vulnerabilities—categorised as Double Free, Heap Overflow, Use-after-free, Out-of-bounds write, Type Confusion, and Untrusted pointer dereference—which if exploited, could allow arbitrary code execution in the context of the targeted user.

images from Hacker News

Another Severe Flaw in Signal Desktop App Lets Hackers Steal Your Chats in Plain Text

Another Severe Flaw in Signal Desktop App Lets Hackers Steal Your Chats in Plain Text

For the second time in less than a week, users of the popular end-to-end encrypted Signal messaging app have to update their desktop applications once again to patch another severe code injection vulnerability.

Discovered Monday by the same team of security researchers, the newly discovered vulnerability poses the same threat as the previous one, allowing remote attackers to inject malicious code on the recipients’ Signal desktop app just by sending them a message—without requiring any user interaction.

images from Hacker News

Android P to Block Apps From Monitoring Device Network Activity

Android P to Block Apps From Monitoring Device Network Activity

Do you know that any app you have installed on your Android phone can monitor the network activities—even without asking for any sensitive permission—to detect when other apps on your phone are connecting to the Internet?

Obviously, they cant see the content of the network traffic, but can easily find to which server you are connecting to, all without your knowledge. Knowing what apps you often use, which could be a competing or a financial app, “shady” or “malicious” app can abuse this information in various ways to breach your privacy.

images from Hacker News

First-Ever Ransomware Found Using ‘Process Doppelgänging’ Attack to Evade Detection

First-Ever Ransomware Found Using ‘Process Doppelgänging’ Attack to Evade Detection

Security researchers have spotted the first-ever ransomware exploiting Process Doppelgänging, a new fileless code injection technique that could help malware evade detection.

The Process Doppelgänging attack takes advantage of a built-in Windows function, i.e., NTFS Transactions, and an outdated implementation of Windows process loader, and works on all modern versions of Microsoft Windows OS, including Windows 10.

Process Doppelgänging attack works by using NTFS transactions to launch a malicious process by replacing the memory of a legitimate process, tricking process monitoring tools and antivirus into believing that the legitimate process is running.

images from Hacker News

Microsoft Patches Two Zero-Day Flaws Under Active Attack

Microsoft Patches Two Zero-Day Flaws Under Active Attack

It’s time to gear up for the latest May 2018 Patch Tuesday.

Microsoft has today released security patches for a total of 67 vulnerabilities, including two zero-days that have actively been exploited in the wild by cybercriminals, and two publicly disclosed bugs.

In brief, Microsoft is addressing 21 vulnerabilities that are rated as critical, 42 rated important, and 4 rated as low severity.

These patch updates address security flaws in Microsoft Windows, Internet Explorer, Microsoft Edge, Microsoft Office, Microsoft Office Exchange Server, Outlook, .NET Framework, Microsoft Hyper-V, ChakraCore, Azure IoT SDK, and more.

images from Hacker News