Vulnerability

In computer security, a vulnerability is a weakness which allows an attacker to reduce a system’s information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw.


A new variant of the Petya ransomware (also called Petrwrap) began spreading internationally on Tuesday, June 27. The initial attack vector is unclear, but aggressive worm-like behaviour helps spread the ransomware. How does the Petya variant work? The ransomware exploits the vulnerability CVE-2017-0144 in Microsoft’s implementation of the Server Message […]

McAfee Threat Update – Petya Ransomware Variants


Valve fixes Steam community site vulnerability soon after its discovery
If you’re any kind of PC gamer, then you likely frequent Valve’s Steam service to procure at least some of your games. And if you’re a Steam customer, then you likely spend some time on Steam’s community site — and until just recently, that might not have been the safest […]

Valve fixes Steam community site vulnerability soon after its discovery


Windows 10 Anniversary Update protected users against two pre-patched exploits
Matt Oh and Elia Florio of the Windows Defender ATP Research Team said on Friday that Windows 10 Anniversary Update not only neutralized zero-day kernel exploits used by two recent attack campaigns, but revealed how they were used. The exploits were based on the CVE-2016-7255 and CVE-2016-7256 vulnerabilities, which were […]

Windows 10 Anniversary Update protected users against two pre-patched exploits



All the major browsers are calling time on the SHA-1 hashing algorithm
The most popular web browsers are calling time on SHA-1, the hashing algorithm for securing data, and will soon begin blocking sites that use it. In a blog post, Microsoft stated that the algorithm was no longer secure and allowed attackers to carry out spoofs, phishing attacks, or man-in-the-middle attacks. […]

All the major browsers are calling time on the SHA-1 ...


Microsoft patches nasty Windows 10 security flaw outed by Google
On October 31, Google publicly outed Microsoft for a critical zero-day security flaw in Windows 10 just 10 days after reporting the vulnerability to the firm. Today, as promised in a subsequent (and angry) blog post, Microsoft has patched up the hole and more in a round of updates. The […]

Microsoft patches nasty Windows 10 security flaw outed by Google


Microsoft warns of fake MSE installer Hicurdismos
Microsoft has issued a warning to Windows users to be on alert for Hicurdismos. Hicurdismos is a fake Microsoft Security Essentials (MSE) installer that tricks users into thinking their PC has died. When Hicurdismos is launched it creates a fake Blue Screen of Death along with an error message telling […]

Microsoft warns of fake MSE installer Hicurdismos



Two-step verification through texts might go the way of the dodo sooner or later
Even though the number of websites and services that use two-step verification as a way to secure accounts has increased over the years, the National Institute of Standards and Technology’s latest proposal might put a halt to the verification method. In its mainstream incarnation, two-step verification, also known as multi-factor […]

Two-step verification through texts might go the way of the ...


Update your iPhone to iOS 9.3.3 now: New Stagefright hack threatens Apple devices
Remember Stagefright, that vulnerability in Google’s Android operating system that had security experts up in arms? Turns out Apple devices running older versions of iOS, WatchOS, tvOS, and OS X aren’t immune. According to researcher Tyler Bohan at cybersecurity firm Cisco Talos, older versions of iOS and OS X contain […]

Update your iPhone to iOS 9.3.3 now: New Stagefright hack ...