Orome1 writes: In the last five months, Google’s OSS-Fuzz program has unearthed over 1, 000 bugs in 47 open source software projects… So far, OSS-Fuzz has found a total of 264 potential security vulnerabilities: 7 in Wireshark, 33 in LibreOffice, 8 in SQLite 3, 17 in FFmpeg — and the list goes on… Google launched the program in December and wants more open source projects to participate, so they’re offering cash rewards for including “fuzz” targets for testing in their software. “Eligible projects will receive $1, 000 for initial integration, and up to $20, 000 for ideal integration” — or twice that amount, if the proceeds are donated to a charity. Read more of this story at Slashdot.
More:
Google Found Over 1,000 Bugs In 47 Open Source Projects
An anonymous reader writes from a report via BleepingComputer: A security flaw discovered in a common PHP class allows knowledgeable attackers to execute code on a website that uses a vulnerable version of the script, which in turn can allow an attacker to take control over the underlying server. The vulnerable library is PHPMailer, a PHP script that allows developers to automate the task of sending emails using PHP code, also included with WordPress, Drupal, Joomla, and more. The vulnerability was fixed on Christmas with the release of PHPMailer version 5.2.18. Nevertheless, despite the presence of a patched version, it will take some time for the security update to propagate. Judging by past incidents, millions of sites will never be updated, leaving a large chunk of the Internet open to attacks. Even though the security researcher who discovered the flaw didn’t publish any in-depth details about his findings, someone reverse-engineered the PHPMailer patch and published their own exploit code online, allowing others to automate attacks using this flaw, which is largely still unpatched due to the holiday season. Read more of this story at Slashdot. 
Over the years, Apple may have improved security, filters, and screening process of apps for its Mac’s App Store, but even today things the quality of fraudulent apps continue to not only seep through its gatekeepers, but often times outnumber the good apps. How To Geek did some investigation over this and published the findings yesterday in a story titled, “Don’t Be Fooled: The Mac App Store Is Full of Scams”. It didn’t take long for the publication to find scam apps on Apple’s marquee app store for Mac computers. A search for “Microsoft Excel”, for instance, returns “Office Bundle” made by a third-party. The app offers templates — and just that — for $30. Same is the case with any Office suite application. This might not seem as a real problem to many, but as How to Geek points out, there is one more problem: almost all these apps have icons and title names that are similar to those of Microsoft’s, and Apple has had no issues with that. From the article: Let’s be blunt: these customers were ripped off, and Apple pocketed $10 each (Editor’s note: Apple charges 30 percent on all transactions on App Store(. And you’ll only see these comments if you scroll past the two five star reviews that mention the word “app” numerous times. All of these fakes use Microsoft brands like Office, Word, and Excel in the product names. The logos aren’t one-to-one copies of Microsoft’s official logos, but they’re almost always the correct color and letter (blue “W” for Word, green “E” for Excel, etcetera). Read more of this story at Slashdot.