Google is rolling out a critical patch for their Chrome browser in order to fix four serious vulnerabilities including one which enables arbitrary code execution on the system simply by visiting a specially crafted webpage – with no other user interaction required. Google is not releasing details of the vulnerabilities, other than to say theyRead more
Blog
Microsoft’s December 2018 patch Tuesday release includes fixes for several critical vulnerabilities including one in PowerPoint which affects all versions since PowerPoint 2010. The PowerPoint bug (CVE-2018-8628) would allow an attacker to create a specially-crafted file, which when opened by PowerPoint, would enable the attacker to run arbitrary code as the logged-in user. According toRead more
A recent vulnerability in Sennheiser’s headphone management utility illustrates the risk of unexpected additions to the Microsoft windows certificate store. During installation, the Sennheiser software installed a self-signed root certificate into the computer’s trusted root CA certificate store. A copy of the certificates’ private key was also copied into application’s installation directory. Security research firmRead more
Browser cookies play an important role in nearly all modern websites and applications. From tracking user-interaction through services like Google Analytics, through to maintaining the state of customer shopping carts in eCommerce applications. Cookies can also contain session tokens for web applications to ensure that user sessions are maintained between browser page refreshes. Although securityRead more
