Robert Abel SC Media

Robert Abel

Content Coordinator/Reporter

Most recent articles by Robert Abel

Bird Miner cryptominer targets Macs, emulates Linux

A new cryptominer, dubbed Bird Miner, has been spotted in the wild targeting Mac devices and running via Linux emulation under the guise of a production software tool. Malwarebytes researchers described Bird Miner as “somewhat stealthy” due to its instructions to bail out at multiple points if Activity Monitor is running and because of its…

Dell SupportAssist bug leaves millions of PCs vulnerable

A vulnerability in Dell’s SupportAssist software, a software designed to protect users from vulnerabilities, has left millions of PCs vulnerable to remote takeover.  SafeBreach security researchers discovered the high-severity vulnerability (CVE-2019-12280) which stems from a component in SupportAssist, which checks the health of system hardware and software and requires high permissions, according to a June…

Apache advisory addresses incomplete Tomcat update

Apache released a security advisory for Apache Tomcat to address a vulnerability, CVE-2019-10072, which could allow an attacker to cause a denial-of-service condition. The issue was caused by an incomplete fix for the CVE-2019-019 vulnerability that did not address the  window exhaustion on write. “By not sending WINDOW_UPDATE messages for the connection window (stream 0)…

Palo Alto’s Unit 42 discovered 10 ‘Important’ Microsoft bugs

Palo Alto’s Unit 42 researchers discovered 10 new Microsoft vulnerabilities all of which had a Maximum Severity Rating of “Important.” “The severity of the vulnerabilities discovered were all rated ‘Important,’” according to a June 20 blog post, which said that one vulnerability had been addressed in the June 2019 Microsoft Security Response Center (MSRC) update…

Oracle addresses vulnerabilities with 154 security fixes

Oracle releases second WebLogic Server patch in two months

Oracle released an out-of-band patch for a WebLogic Server Deserialization vulnerability which could allow an unauthenticated attacker to remotely exploit and gain remote code execution (RCE) ability on vulnerable systems. The vulnerability, CVE-2019-2729, affected Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0, and 12.2.1.3.0, and can be exploited over a network without the need for a username…

Cisco announced 26 vulnerabilities in over the last two days, three critical

Cisco announced 26 vulnerabilities in over the last two days, including two critical flaws affecting core equipment that could grant attackers an avenue into networks. The vulnerabilities CVE-2019-1625 and CVE-2019-1848  were a Cisco SD-WAN Solution privilege escalation vulnerability and a Cisco DNA Center authentication bypass vulnerability, respectively. The privilege escalation vulnerability, CVE-2019-1625,  is caused by…

Script fails, thousands of Mozilla developer emails and passwords possibly exposed

Firefox updates address takeover vulnerability

Mozilla released security updates to address a vulnerability in Firefox and Firefox ESR that could allow attackers to take control of an affected system. The vulnerability is rated critical and is actively being exploited in the wild. Mozilla called it “a type confusion vulnerability” that occurs when manipulating JavaScript objects due to issues in Array.pop.…

Samba security updates address Samba flaws that could be used to execute DoS attacks

The Samba Team has released security updates to address vulnerabilities in Samba 4.9 and all versions of Samba from 4.10 onward, which, if exploited, could be used to prompt a denial-of-service (DoS) attack. One vulnerability affecting the free software platform is a DoS in DNS management server bug,which could allow an authenticated user to crash…

Next post in Vulnerabilities