EOS has tweeted to confirm that it has patched Vulnerability-related.PatchVulnerability “ most ” of the reported bugs and is “ working hard ” on the remainder . It expects the mainnet launch to stay on schedule . Qihoo 360 , a China-based internet security firm , says it has notified Vulnerability-related.DiscoverVulnerability the EOS blockchain project about “ a series of epic vulnerabilities ” discovered Vulnerability-related.DiscoverVulnerability on its platform . The firm said in a Tuesday report Vulnerability-related.DiscoverVulnerability that loopholes found Vulnerability-related.DiscoverVulnerability in the EOS platform could expose nodes on the network to attackers , giving them the ability to execute code remotely and take “ full control ” of transactions . The firm claims that such an attack could potentially “ decimate ” the entire cryptocurrency network . Qihoo 360 went on to explain that bad actors would be able to attack the network by constructing and publishing smart contracts containing malicious code on the EOS mainnet and have EOS supernodes pack them into new blocks . Subsequently the code would affect all nodes on the network , including those of cryptocurrency wallets and exchanges , letting the attackers gain control of private keys to cryptocurrency transactions . While EOS has not yet made any public comment on the issue , Qihoo 360 said in another blog update that the project ’ s lead developer , Daniel Larimer , was notified Vulnerability-related.DiscoverVulnerability of the issues and that he has since said Vulnerability-related.DiscoverVulnerability the vulnerabilities – identified as issue number 3498 on Github – have been fixed Vulnerability-related.PatchVulnerability . “ If any of these asserts trigger in release it shouldn ’ t pass , but should throw . Allowing the code to continue running in release is a potential security vulnerability and will likely result in crashes elsewhere , ” Larimer wrote on the Github page . Meanwhile , Larimer has today appealed for more external assistance in identifying Vulnerability-related.DiscoverVulnerability critical bugs in the system with the project ’ s mainnet launch just days away .

ENTERPRISE-FOCUSED communication platform Fuze has fixed Vulnerability-related.PatchVulnerability a security vulnerability that allowed anyone to access and download recorded meetings on the platform without password authentication . The flaw was discovered Vulnerability-related.DiscoverVulnerability towards the end of February by Samuel Huckins of security company Rapid7 , and Fuze had disabled Vulnerability-related.DiscoverVulnerability access to recorded meetings by the beginning of March . An update to version 4.3.1 of the Fuze platform on March 10 rectified Vulnerability-related.PatchVulnerability the issue . `` Security is a top priority for Fuze and we appreciate Rapid7 identifying Vulnerability-related.DiscoverVulnerability this issue and bringing it to our attention . When we were informed Vulnerability-related.DiscoverVulnerability by the Rapid7 team of the issue , we took immediate action and have resolved Vulnerability-related.PatchVulnerability the problem , '' Fuze said in a statement . The vulnerability was caused by the way in which the platform incrementally added digits to the URL of recorded meetings , which resulted in relatively easy brute-force attacks proving successful . Combining the simple ability to guess URLs by inputting seven digit numbers with no requirement for authentication was always going to bring the potential for disaster , though there 's no suggestion that anyone with nefarious intent accessed any of the meetings . `` Recorded Fuze meetings are saved to Fuze 's cloud hosting service . They could be accessed by URLs such as 'https : //browser.fuzemeeting.com/ ? replayId=7DIGITNUM ' , where '7DIGITNUM ' is a seven digit number that increments over time , '' Rapid7 explains . `` Since this identifier did not provide sufficient keyspace to resist bruteforcing , specific meetings could be accessed and downloaded by simply guessing a replay ID reasonably close to the target , and iterating through all likely seven digit numbers . This format and lack of authentication also allowed one to find recordings via search engines such as Google . ''

As part of Unit 42 ’ s ongoing threat research , we can now disclose Vulnerability-related.DiscoverVulnerability that Palo Alto Networks Unit 42 researchers have discovered Vulnerability-related.DiscoverVulnerability two code execution vulnerabilities affecting Vulnerability-related.DiscoverVulnerability Microsoft Office that were addressed Vulnerability-related.PatchVulnerability in Microsoft ’ s May 2017 monthly security update release : For current customers with a Threat Prevention subscription , Palo Alto Networks has also released Vulnerability-related.PatchVulnerability IPS signatures providing proactive protection from these vulnerabilities . Traps , Palo Alto Networks advanced endpoint solution , can block memory corruption based exploits of this nature . Palo Alto Networks is a regular contributor to vulnerability research in Microsoft , Adobe , Apple , Google Android and other ecosystems . By proactively identifying Vulnerability-related.DiscoverVulnerability these vulnerabilities , developing protections for our customers , and sharing the information with the security community , we are removing weapons used by attackers to threaten users , and compromise enterprise , government , and service provider networks .