Last week, Google Project Zero disclosed two Microsoft vulnerabilities without waiting for Microsoft to patch. Luckily, neither vulnerability poses a major risk, but you should definitely get Microsoft's updates for them when available. Watch the Daily Byte below to learn more about these Windows 10 and Edge Browser issues. Episode Runtime: 2:11 Direct YouTube … [Read more...]
Nation-State Flash 0day – Daily Security Byte
In February, Adobe released an emergency, out-of-cycle update to fix two zero day vulnerabilities in their popular web browser plug-in; Flash Player. According to researchers, North Korean threat actors have used one of these exploits in attacks against South Korean targets. If you use Flash, or have a browser that ships with it, download and install Adobe's patch if you … [Read more...]
XSS: Is God an Onion – Daily Security Byte
Last week, a security research found a pretty serious web application vulnerability on the new Vatican web site. He tried to inform them, but they didn't respond, so he leveraged the vulnerability to post a story saying the Pope claimed God was an onion. Watch the video for more details about this incident, and to learn a bit more about cross-site scripting (XSS) flaws and what … [Read more...]
Meltdown and Spectre – Daily Security Byte
As I mentioned in our video yesterday, on Wednesday the world learned about some critical local vulnerabilities that affect almost every modern computing platform that uses Intel, AMD, or ARM chips. In today's video, I share the most important details about these interesting, though dangerous new vulnerabilities. I also discuss why they pose less risk to WatchGuard Firebox … [Read more...]
IOHIDeous – Daily Security Byte
Last week, a security researcher rang in the New Year with a new macOS zero day vulnerability. For my first video of 2018, I cover an unpatched, local privilege escalation vulnerability that affects the latest version of macOS. A researcher going by Siguza tweeted about this new flaw on December 31st, without first letting Apple know about it. The vulnerability involves a … [Read more...]