Vulnerabilities News, Articles and Updates

Security bugs in Dell storage platform allowed hackers to gain root access

Security researchers recently unearthed as many as nine security vulnerabilities in Dell EMC's Isilon OneFS platform allowing remote attackers to launch social engineering attacks and subsequently access the Isilon systems at root.

Reported vulnerabilities in Microsoft products more than doubled since 2013

The total number of reported vulnerabilities in Microsoft's software products, including those in the new Windows 10 operating system, rose over two-fold in the last four years and critical vulnerabilities rose by 60 percent.

Cryptocurrency mining crimeblotter, Apache CouchDB & other vulnerabilities

The amount of illegal cryptocurrency mining that is now taking place makes keeping track a difficult task, but here is a quick roundup of what was has been spotted over the last few days.

AndroRAT exposes fragmented Android ecosystem vulnerabilities

A new version of a familiar menace, AndroRAT, has emerged from out of the trash to exploit long forgotten vulnerabilities.

Microsoft Patch Tuesday: Nearly 50 patches, most for privilege escalation

Microsoft patched nearly 50 vulnerabilities this month, including patches for an Adobe Flash Player zero-day vulnerability that was announced earlier this month.

Adobe Patch Tuesday patches issues in Acrobat, Reader & Experience manager

Adobe's Patch Tuesday updates included security updates for Adobe Acrobat and Reader for Windows and Macintosh to address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

APIs in Samsung, Roku devices unsecure: Consumer Reports

Several Smart TVs from Samsung and others using the Roku TV platform, as well as media players from that company, are susceptible cyber-attacks, according to Consumer Reports, a claim denied vehemently by Roku.

Security shortage forces CISOs to increase reliance on machine learning

With enterprises struggling with a massive shortage of experienced cyber-security professionals, today's CISOs are placing more faith in machine learning which they believe will be important to their IT security functions.

Desperately needed fix for Flash Player bug exploitation released by Adobe

Adobe Systems today released a critical security update for a pair of vulnerabilities in Flash Player, one of which has been actively exploited in phishing attacks attributed to North Korean APT actor Group 123.

All versions' of Windows vulnerable to tweaked Shadow Broker NSA exploits

NSA exploits stolen by hacker Shadow Brokers can be tweaked to exploit vulnerabilities in all versions of Windows, including Windows 10 - so deploy the MS17-010 security update from Microsoft as soon as possible.

Core Security releases advisory on Kaspersky Labs' Secure Mail Gateway

Core Security issued an advisory for multiple vulnerabilities it found in Kaspersky Labs' Secure Mail Gateway that if left unpatched could lead to administrative account takeover.

Monero crypto miner leveraging Apache Struts vulnerability

Cryptocurrency miners have begun using two older and already patched vulnerabilities to compromise servers to mine the Monero digital currency.

Intel advises companies to stop

Intel is recommending that vendors and end users stop deploying the current version of its patch designed to fix the Spectre/Meltdown vulnerabilities that were discovered in most of the company's processors.

Cisco security updates nix high-impact DoS and privilege escalation bugs

Cisco Systems on Wednesday issued 26 security updates to fix an array of vulnerabilities, including high-impact bugs in its Unified Customer Voice Portal (CVP), its NX-OS Software, and its Email Security Appliance (ESA).

Blender 3D open source platform plagued with arbitrary code vulnerabilities

Cisco Talos researchers identified multiple unpatched vulnerabilities in the Blender Open Source 3D creation suite that could allow an attacker to run arbitrary code.

Survey: Most security pros aim to patch vulnerabilities within 30 days

High-profile cyber-security incidents continue to appear due to the mistake of companies not applying patches to known vulnerabilities according to Tripwire research.

Apple issues Spectre patches for macOS High Sierra, Safari and iOS

Apple followed up on its promise last week and rolled out updates for macOS High Sierra, Safari and iOS to patch the Spectre vulnerabilities CVE-2017-5753 and CVE-2017-5715 in Intel's processor family.

Vulnerabilities including remote execution spotted in WDMyCloud products

A GulfTech researcher spotted multiple vulnerabilities In Western Digital's MyCloud products, some of which could lead to remote code execution and unauthorised access.

Attackers exploit old WordPress to inject code enabling site redirection

Attackers exploited an old WordPress vulnerability to infect more than one thousand websites with malware capable of injecting malvertising and even creating a rogue admin user with full access privileges, according to researchers.

Apple addresses KRACK exploits in AirPort Base Station firmware

Apple has continued to roll out patches to fix the KRACK (Key Reinstallation AttaCKs) series of vulnerabilities, this time in its AirPort Base Station firmware.

TLS implementation bug put millions at risk

A critical security bug put millions of banking app users at risk, according to researchers from the University of Birmingham.

Android Flaw could enable hackers to modify code without signature change

A serious vulnerability in Android could put millions of devices at risk from attackers modifying code in applications without affecting their signatures.

Apple releases security updates for multiple products

Apple released security updates to patch vulnerabilities in its iOS, mac OS, tvOS and watchOS platforms, some of which could have been used to remotely exploit the affected devices.

LinkedIn access down across much of the globe, encryption down for others

Yesterday large parts of the world were without their LinkedIn accounts due to an SSL certificate expiry and those that were able to login were browsing without encryption, meaning all of their data was potentially at risk.

Cisco patches multiple vulnerabilities in WebEx platforms

Cisco released patches for multiple vulnerabilities in its WebEx Recording Format and Advanced Recoding Format Players to address vulnerabilities.

'Golden Ticket' SAML attack vector puts cloud apps at risk

New Golden Ticket technique could allow hackers to authenticate themselves with cloud services and enable any level of privilege.

Securing the vulnerabilities of remotely working

CIOs and security professionals need to ensure that company security policies are established and enforced, whether employees access company sensitive data from home offices, public Wi-Fi networks or hotels says Gerald Beuchelt.

UK University fails to learn - UEA, a data breach repeat offender

The UEA has suffered another data breach; an email was sent to about 300 students in the social science faculty which included the personal health information of a member of staff, in a repeat use of a flaw not fixed previously.

Artificial intelligence can fool Captcha security more than half the time

Scientists use vision algorithms to sidestep security systems and machine-read CAPTCHA security words like a human.

20% of Manchester police computers at risk of ransomware - using XP

Some 20 percent of Greater Manchester Police's computers are at risk of a ransomware hack due to still running Windows XP, according to research from Top10VPN.com