Cybersecurity Vulnerabilities news & analysis | SC Media

Vulnerabilities News and Analysis

Facebook patches denial-of-service flaw in its open-source Fizz TLS implementation


Facebook last month patched a critical denial-of-service vulnerability in Fizz, its open-source implementation of the TLS 1.3 (Transport Layer Security) protocol, researchers have reported. Unauthenticated remote attackers could exploit the flaw to create an “infinite loop,” making the web service unavailable to other users and thus disrupting service, according to a March 19 blog…


11 security patches released in CUJO Smart Firewall platform


Cisco Talos researchers discovered 11 vulnerabilities in the CUJO Smart Firewall platform which could allow an attacker to ultimately take control of a device, either by executing arbitrary code or by uploading and executing unsigned kernels on affected systems. Researchers found the firewall was vulnerable to remote code execution, local code execution, smartphone app code…

Mozilla’s latest Firefox releases fix 22 vulnerabilities


The Mozilla Foundation yesterday issued version 66 of Firefox and 60.6 of Firefox Extended Support Release (ESR), in the process patching 22 vulnerabilities between them, five of them critical. Four of the five most severe flaws were found in both the standard and ESR versions of the web browser. This includes CVE-2019-9790, a use-after-free vulnerability…

Google Photos bug leaked location history


Imperva researchers recently patched a vulnerability in Google Photos that could allow threat actors to track a user’s location history. By exploiting the flaw and using a little social engineering, malicious websites could have exposed when Google Photos were taken, according to the report. Imperva researcher Ron Masas used an HTML link tag to create…


Fujitsu wireless keyboard vulnerable to keystroke injection attack


A German security researcher has discovered and released information on a flaw in an otherwise secure wireless keyboard that could allow an attacker to inject keystrokes and take over a computer. Mathias Deeg with SySS in October found a flaw, CVE-2019-9835, in Fujitsu’s Wireless Keyboard Set LX901’s receiver that allows it to receive an act…

Hack U: Ariana Grande file is one of 100+ ways attackers are exploiting WinRAR bug


Researchers from McAfee have observed more than 100 different exploits for a now-patched 19-year-old remote code execution vulnerability in the WinRAR compression tool since the path traversal bug was disclosed last month. One of the more unusual exploit attempts to infect unpatched victims with malware using a bootlegged copy of Ariana Grande’s “Thank U,…

Beto O’Rourke was teen hacker in Cult of the Dead Cow


Democrat Beto O’Rourke, who just raked in $6.1 million in campaign donations in the first 24 hours after kicking off his presidential bid, as a teenager was a member of the Cult of the Dead Cow, an old (relatively speaking) and well-known hacking group, whose activities compelled Microsoft to boost the security of Windows. There’s…

VMware security advisories issued


VMware issued security advisories for VMware Workstation Pro/Player and VMware Horizon. The two vulnerabilities in VMware Workstation Pro/Player (workstation), CVE-2019-5511 and CVE-2019-5512, are rated important and concern elevation of privilege issues. The organization said workstation does not handle paths and COM paths appropriately and a successful exploitation of this issue may allow the path to…

HHS CISO discusses new threat briefings and alerts for health industry

HHS operating divisions must improve security controls: OIG report


The U.S. Department of Health and Human Services must improve network security controls at its eight operating divisions (OPDIVs) and fix a series of vulnerabilities discovered during an audit, according to a summary report issued earlier this month by the Office of Inspector General (OIG). The audit, conducted back in 2016 and 2017 by a…
