Security Vulnerabilities news & analysis | SC Media

Vulnerabilities

Report: Microsoft misses disclosure deadline to patch RCE bug in JET

By

Trend Micro’s Zero Day Initiative (ZDI) team disclosed a still-unpatched remote code execution vulnerability in Microsoft’s JET Database Engine yesterday, claiming the software giant failed to fix the flaw within its 120-day disclosure window. Discovered by Trend Micro researcher Lucas Leong, the zero-day bug is an out-of-bounds write issue pertaining to the management of indexes within…

RussiaHack

Russian MagBo black market offers access to 3000 breached sites

By

Flashpoint researchers discovered a Russian speaking underground market place named “Magbo” selling access to approximately 3,000 breached sites for as little as 50 cents. The site allowed cybercriminals to purchase the exact breach they need depending on the website value with prices as low as 50 cents per access to $1,000 per access, depending on…

Adobe Utah facility

Adobe releases surprise update week after Patch Tuesday

By

Adobe has released a set of security updates for Adobe Acrobat and Reader for Windows and MacOS to address several critical and important vulnerabilities that could lead to arbitrary code execution in the context of the current user. Acrobat DC (Continuous), Acrobat Reader DC (Continuous), Acrobat 2017 (Classic 2017), Acrobat Reader 2017 (Classic 2017), Acrobat DC (Classic 2015) and…

applePatch

Apple issues updates for multiple operating systems, Safari browser

By

Apple yesterday released software updates for five of its offerings: Safari, ioS, watchOS, tvOS and Apple Support for iOS. The company fixed three vulnerabilities in Safari 12: a logic issue that could enable a malicious website to exfiltrate autofilled data (CVE-2018-4307), an error that prevents users from deleting their browsing history if their visits involved…

ZeroDay

Zero day found in NUUO video software allowing camera takeover

By

Multiple vulnerabilities, including a zero-day, have been uncovered in NUUO NVRMini2 video software that, if exploited, could expose thousands of surveillance cameras to remote code execution, allowing the video feed to be viewed and altered by unauthorized people. Tenable recommends those affected to update to NUUO NVRMini2 v. 3.9.1. The flaws, dubbed Peekaboo, were discovered by…

Criminals fuse Zeus, Carberp code for more sinister trojan

New cold-boot attacks allow stolen encryption keys and more

By

F-Secure researchers have developed a new tool to carry out cold boot attacks which could allow attackers to steal encryption keys and other sensitive information from devices left in sleep mode. The firm’s Principal Security Consultant Olle Segerdahl and his fellow cybersecurity consultant Pasi Saarinen developed an attack to bypass BIOS mitigations by exploiting a…

AppleMalware2

Apple’s Safari and Microsoft’s Edge browsers contain spoofing bug

By

Apple’s Safari and Microsoft’s Edge browser users are vulnerable to a bug that would allow attackers to spoof website addresses. Independent security researcher Rafay Baloch spotted the vulnerability that could allow JavaScript to update the address bar while the page was still loading effectively causing the browser to display the intended address while loading content from…

Google’s desktop update for Chrome squashes two bugs

By

Google yesterday updated the its browser for Windows, Mac and Linux machines, fixing two vulnerabilities, including one considered high in severity. In a blog post, Google described the more serious bug as a “function signature mismatch” in WebAssembly binary language. The vulnerability has yet to be assigned a CVE number, but it did manage to…

September Patch Tuesday: Adobe patches seven critical vulnerabilities

By

Adobe’s September Patch Tuesday offering included a security update fixing an important rated update to Flash Player, along with a total of nine fixes for Cold Fusion six of which were rated critical. The Flash Player issue, CVE-2018-15967, fixes a privilege escalation vulnerability that if exploite could lead to information disclosure, Adobe reported. It impacts…

Next post in News