Cybersecurity Vulnerabilities news & analysis | SC Media

Vulnerabilities News and Analysis

Flaws in SETracker watch app posed danger to dementia patients

Security researchers found flaws in a smart tracker that was aimed at the elderly, especially those with dementia or other cognitive issues. In research released late this week, Pen Test Partners found flaws in source code that the manufacturer posted publicly. Most of the watches use SETracker as a backend, an app owned by the…

Citrix, Juniper and VMware patch array of vulnerabilities

Citrix, Juniper and VMware issued a bevy of patches this week. For starters, the Citrix Security Bulletin CTX276688 addressed vulnerabilities in Citrix ADC (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP appliance. According to CISA, a remote attacker could exploit some of these vulnerabilities to take control…

USB a prevalent industrial vector vulnerability for OT systems

While the ubiquitous USB remains an integral tool to facilitate transferable computing, such removable media is the second most prevalent industrial vector vulnerability for operational technology (OT) systems, according to a Honeywell report. The company first studied the market in 2018, and since then the number of threats capable of disrupting OT rose from 26…

Credit card skimmer preyed on old ASP.NET-powered websites with shopping carts

A credit card-skimming scheme tracked since April and targeting at least a dozen websites – all hosted on Microsoft IIS servers running the ASP.NET web application framework – counts among its victims sports organizations, health and community associations, and a credit union. What they also have in common is that malicious code was injected…

Cyber Command urges orgs to implement F5 patch for BIG-IP configuration interface flaw

A vulnerability found last month in the configuration interface of the BIG-IP delivery controller used by some of the world’s biggest companies, governments, military, internet service providers, cloud-computing data centers and enterprise networks was quickly fixed by its developer F5. U.S. Cyber Command last Friday retweeted F5’s advisory to immediately patch the flaw that could…

Zero-day XSS vulnerability found in Cisco small business routers

A CyCognito research team conducting routine reconnaissance on a customer’s network found a zero-day cross-site scripting (XSS) vulnerability on the web admin interface of two different small business Cisco routers. The finding was released in a blog that went live earlier today. Alex Zaslavsky, CyCognito’s head of security research, said they reported the flaw…

Microsoft issues two out-of-band patches for RCE flaws, one critical

In a pair of out-of-band updates, Microsoft patched RCE vulnerabilities, one rated critical, the other important. Microsoft said the two vulnerabilities, CVE-2020-1425 (critical) and CVE-2020-1457 (important), fixed prior to the company’s monthly Patch Tuesday updates, are not likely to be exploited. “To successfully exploit this vulnerability, an attacker would need to deliver a specially crafted image…

Triangle of network security management requires formalized process, Rodrigue says

Why do we care about cyber hygiene? For starters, security pros want to ensure operating effectiveness of basic controls and put in a system of checks and balances between processes. Companies also want to offer a foundation for more advanced technical security mechanisms; their effectiveness becomes limited otherwise. They also want to detect blind spots…

India surpasses U.S., others in number of ethical hackers: report

India’s ethical hackers now represent the biggest nationality within Bugcrowd’s network of security researchers, according to the firm’s annual report issued yesterday titled “Inside the Mind of a Hacker.” The share of the country’s Bugcrowd survey respondents jumped 83 percent from 2019, putting India in first place ahead of the U.S., the vulnerability disclosure…
