Cybersecurity Vulnerabilities news & analysis | SC Media

Vulnerabilities News and Analysis

Chrome security issues addressed with Stable channel update

Google updated its Chrome Stable channel to version 77.0.3865.90 for Windows, Mac, and Linux to implement four security fixes, one rated critical and three high. The critical CVE-2019-13685 covers a use-after-free issue in UI; CVE-2019-13688 (high) deals with a use-after-free in media; CVE-2019-13687 (high) a use-after-free in media and CVE-2019-13686 (high) a use-after-free in offline…

Patches issued for VMware’s vSphere ESXi, VMware vCenter Server

VMware issued a security advisory containing several security updates for its vSphere ESXi and VMware vCenter Server products to patch command injection and information disclosure vulnerabilities. Two of the vulnerabilities, CVE-2019-5532 and CVE-2019-5534, are rated as “important” with CVE-2017-16544 and CVE-2019-5531 considered “moderate” issues, VMware reported. CVE-2019-5534 covers an issue where virtual machines deployed in…

Instagram fixed after researcher finds way to link account info to PII

Facebook has repaired a vulnerability in its Instagram social media platform, after a researcher found that it could be exploited to link users’ phone numbers to their account numbers, usernames and actual names. With the help of a brute-force algorithm and a network of bots, malicious actors could have leveraged the flaw to bypass data security…

Intel releases medium and low-rated security advisories

Intel posted two security advisories for its Easy Streaming Wizard (CVE-2019-11166) and Data Direct I/O Technology (DDIO) and Remote Direct Memory Access (RDMA). A potential escalation of privileges vulnerability, rated as a medium threat, exists with Easy Streaming Wizard on versions before 2.1.0731 due to improper file permissions in the installer. Intel plans on issuing…

Flaws in Imperial, Dabman web radios could lead to full compromise

Researchers have disclosed a pair of vulnerabilities in multiple Imperial and Dabman-branded web radios that could allow malicious actors to remotely compromise the IoT devices. Telestar Digital GmbH, the company that manufactures the web radios, has patched both problems, according to a security advisory yesterday from Vulnerability Lab, whose researchers made the discovery. Several reports…

A great deal of web apps are vulnerable to SQL injection attacks according to Netsparker

Apps vulnerable to SQL injection by way of virtual assistant verbal commands

Malicious hackers can use verbal commands to perform SQL injections on web-based applications run by virtual assistants such as Amazon’s Alexa, researchers say. “Leveraging voice-command SQL injection techniques, hackers can give simple commands utilizing voice text translations to gain access to applications and breach sensitive account information,” reports Baltimore, Maryland-based Protego Labs, in a blog…

Microsoft Patch Tuesday: Two zero days and 17 critical vulnerabilities addressed

Microsoft’s September Patch Tuesday offering contained 80 updates, 17 of them rated critical, and took care of two zero days actively exploited in the wild. Overall, 57 CVEs were issued for Windows 10 and 29 CVEs for the older Microsoft operating systems; Office and SharePoint also received some updates. CVE-2019-1214 and CVE-2019-1215 are zero…

Flash Player patches headline Adobe Patch Tuesday releases

Adobe’s September Patch Tuesday releases included two “critical” Flash Player updates along with a single “important” one for Adobe Application Manager (Installer). The Flash patches are for Adobe Flash Player Desktop Runtime, for Google Chrome and for Microsoft Edge and Internet Explorer 11, fixing the arbitrary code execution vulnerabilities covered by CVE-2019-8070 (use after free)…
