Cybersecurity Vulnerabilities news & analysis | SC Media

Vulnerabilities News and Analysis

Microsoft, Oracle release security updates

Microsoft and Oracle issued security updates, with the Redmond, Wash., company patching a single issue in Windows Defender Application Control while Oracle’s update covered over 100 products and dozens of vulnerabilities. The issue with Windows Defender, CVE-2019-1167, if exploited, would allow an attacker to circumvent PowerShell Core Constrained Language Mode on the machine. However, Microsoft noted…

Lucky break: Cracked windshield helps hacker find bug in Tesla

Hackers typically crack software, but web application security researcher Sam Curry quite literally cracked his Tesla Model 3 and discovered a vulnerability that earned him a hefty reward from the car maker’s bug bounty program. After a rock bounced up and damaged the windshield of Curry’s very own Model 3, the seemingly unlucky happenstance actually…

Dire straights: Glamoriser smart hair straighteners susceptible to hacking, warn researchers

Here’s some news that might curl your hair: A pen testing firm has disclosed a vulnerability in the Glamoriser smart hair straightener that could allow attackers to easily gain control of the device and perhaps create a fire hazard. The problem involves the Bluetooth Low Energy connection that the straightener uses to communicate with mobile…

Atlassian issues critical alert for Jira Server

Atlassian issued a critical security advisory for several programs used in conjunction with the company’s Jira server and Data Center products. The vulnerability, CVE-2019-11581, affects Jira Software, Jira Core, and Jira Service Desk; however, Jira Cloud customers are not affected. The server-side template injection vulnerability was introduced in version 4.4.0 of Jira Server and Data…

Researcher finds malware in USG Sony Chip HD 6 Camera surveillance kit.

Zoom finally patches video vulnerability months after discovery

Zoom finally released patches for two long-ago reported vulnerabilities in their platform, including one which allows malicious websites to enable your camera without permission, exposing up to 750,000 companies around the world. Software Engineer Jonathan Leitschuh discovered two vulnerabilities in the Mac Zoom Client back in March 2019, including a Denial of Service (DOS) Vulnerability, CVE-2019-13449,…

Juniper Networks patches dozens of vulnerabilities

Juniper Networks issued 11 security alerts, two critical, five high and four medium, for a large number of vulnerabilities across several product lines. The critical issues cover Steel Belted Radius Carrier Edition and Junos Space. The former product contains 21 CVEs and affects Steel Belted Radius Carrier Edition 8.4R14 on RHEL6 (32-bit), RHEL6 (64-bit),…

Cisco releases updates for DoS vulnerability

Cisco released security updates for a “high” rated vulnerability in its Adaptive Security Appliance Software and Firepower Threat Defense Software products that could allow a remote attacker to cause a denial-of-service condition. The vulnerability, CVE-2019-1873, is in the cryptographic driver of the products, according to a July 10 security update. The bug is due to incomplete…

Over and out: Apple temporarily disables Walkie Talkie app after bug discovery

And that’s a big “10-7” (radio lingo for “out of service”) for the Apple Watch Walkie Talkie app after the company reportedly disabled the feature following the discovery of a security vulnerability that could allow eavesdropping on iPhones. According to TechCrunch, Apple learned of the problem through a disclosure on its “report a vulnerability” portal.…

Intel releases updates for Processor Diagnostic tool and SSD DC S4500/S4600 Series

Intel released updates and security advisories for its Processor Diagnostic Tool and its SSD DC S4500/S4600 Series products, including a high severity flaw in the Processor Diagnostic Tool that could allow the escalation of privilege, denial of service and information disclosure. “Improper access control in the Intel Processor Diagnostic Tool before version 4.1.2.24 may allow…
