After skipping their normal monthly patch day for the first time in years, Adobe was forced to release an emergency update to fix a zero day Flash vulnerability that attackers are exploiting in the wild. According to Kaspersky, criminals are leveraging this flaw in spear phishing emails that contain malicious, Flash-embedded Office documents. If you open one of these … [Read more...]
Krack WPA2 Attacks – Daily Security Byte
In the early 2000s, you probably remember when researchers discovered some vulnerabilities that put the nail in the coffin of Wired Equivalent Privacy (WEP), a security protocol used to protect Wi-Fi communications. Essentially, this WEP vulnerability meant that attackers could quickly crack WEP encryption, and see all your wireless traffic. At the time, this flaw caused a … [Read more...]
“Leaky X” iOS 0day – Daily Security Byte
If you check your Exchange email from an iPhone, on an open Wi-Fi network, you may be offering your Exchange credentials to everyone else on that network. A researcher named James Litwin has disclosed a new iOS vulnerability he calls Leaky X. According to Litwin, the iOS mail app sends unencrypted credentials to Exchange servers during the TCP/IP handshake (before SSL … [Read more...]
D-Link 850L 0Day Vulnerabilities – Daily Security Byte
A researcher has disclosed ten vulnerabilities in the popular D-link 850L consumer router. Summed up, attackers could leverage the combined vulnerabilities to potential gain complete remote control of vulnerable routers. Unfortunately, this researcher disclosed this flaws without first informing D-Link, so their is little you can do to avoid some these flaws until they make a … [Read more...]
Samsung Tizen Fail – Daily Security Byte
If you haven't heard of Tizen, it's a Linux or Android-like operating system (OS) that Samsung uses on their TVs, phones, and other smart devices. In a media interview, an Israeli researcher claims Tizen is horribly coded, allowing him to find forty zero day vulnerabilities in Samsung's OS. He plans on sharing his research at Kaspersky Lab's Security Analyst Summit. Until then, … [Read more...]