Cybersecurity Vulnerabilities news & analysis | SC Media Vulnerabilities

Vulnerabilities News and Analyis

Citrix fixes bug used in ransomware attacks; Auto maker GEDIA falls victim to exploit

Citrix over the last six days has been releasing firmware updates to fix CVE-2019-19781, a critical remote code execution vulnerability in its Citrix Application Delivery Controller, Citrix Gateway and SD-WAN WANOP products, which cybercriminals have actively exploited in an attempt to deliver ransomware, backdoors and coin miners. The Fort Lauderdale, Fla.-based software company has now…

Samba issues patches for three vulnerabilities

Samba released security updates patching three issues CVE-2019-14902, CVE-2019-14907, and CVE-2019-19344. The medium-rated CVE-2019-14902 fixes a problem where a newly delegated right, but more importantly the removal of a previously delegated right, would not be inherited on any domain controller other than the one where the change was made. This means if a user had…

Microsoft warns attackers are exploiting zero day in IE scripting engine

Hackers are actively exploiting a zero day vulnerability in Internet Explorer, prompting a warning from the Department of Homeland Security (DHS) Cybersecurity & Infrastructure Security Agency (CISA). “Microsoft is aware of limited targeted attacks” in a remote code execution (RCE) vulnerability [CVE-2020-0674] in the scripting engine of Internet Explorer across all versions of Windows that…

Travelex recovering from ransomware, but more firms at risk of VPN exploit

Beleaguered foreign currency exchange company Travelex confirmed on Friday that the first of its U.K.-based customer-facing systems were back up and running after the New Year’s Eve discovery of Sodinokibi ransomware on its network prompted a shutdown of key systems. Meanwhile, a worrisome report revealed that dozens of major U.S. organizations and businesses have also failed…

Report: FBI issues alert after two municipalities hacked via SharePoint

The FBI this month reportedly issued an alert to its private industry partners, warning that a probable nation-state hacking group had recently compromised the networks of two U.S. municipalities via unpatched, vulnerable Microsoft SharePoint servers. According to the report, from ZDNet, the flaw the hackers reportedly abused was CVE-2019-0604, a remote code execution bug caused by…

Army cyber troops

Army (websites) defeated, but for the greater good

Normally the U.S. Army would not tout the success of an attacker, but in the case of Hack the Army 2.0 bug bounty program the service proudly announced 146 vulnerabilities were found. The platoon-sized unit of white hat hackers, 52 individuals, found the valid vulnerabilities while investigating 60 publicly accessible Army websites, including army.mil, .goarmy.mil,…

VMware advisory warns users to patch critical issue in product

VMWare updates Tools fixing race condition

VMWare issued a single security advisory and patch for a vulnerability in its Tools product. The flaw, CVE-2020-3941, affects VMware Tools for Windows version 10.x.y and can be mitigated by updating to version 11.0. The vulnerability, rated as important, is a race condition that can be exploited enabling an unauthorized person from escalating their privileges…

Intel patches six security issues

Intel’s January 2020 security update included six items with one rated high, four medium and one as a low priority. The most important vulnerability is CVE-2019-14613 affecting Intel’s VTune Amplifier for Windows and if left unpatched and exploited can allow escalation of privilege. An update fixing the problem has been posted. The medium CVE-2019-14615 affects…

Adobe rolls out a light Patch Tuesday offering

Adobe’s January Patch Tuesday security update contains five critical patches for Illustrator CC and four non-critical vulnerabilities for Adobe Experience Manager. Two versions of Illustrator CC are covered in this release, 24.0 and 24.0.2 24.0, being impacted by the critical-rated CVE-2020-3710, CVE-2020-3711, CVE-2020-3712, CVE-2020-3713 and CVE-2020-3714.  All are memory code issues and can lead to…

National Security Agency

NSA reveals to Microsoft critical Windows 10 flaw

Microsoft reportedly acted on an NSA warning creating and issuing a secret out-of-band patch to the military and other high-value targets fixing CVE-2020-0601, a vulnerability affecting a core cryptographic component present in all versions of Windows. Published reports stated that the NSA informed Microsoft of the vulnerability and this knowledge enabled Microsoft to quickly fix…

Next post in Vulnerabilities