Cybersecurity Vulnerabilities news & analysis | SC Media

Vulnerabilities News and Analyis

VMware advisory warns users to patch critical issue in product

VMware patches five security vulnerabilities

VMware pushed out security updates covering five vulnerabilities that if exploited could lead to information disclosure or a denial of service situation. The important-rated vulnerabilities are CVE-2019-5540, CVE-2019-5541 and CVE-2019-5542 and impact VMware Workstation Pro / Player and VMware Fusion Pro/Fusion. CVE-2019-5541 covers an out-of-bounds write vulnerability in e1000e virtual network adapter that could lead…

System bug gives Facebook access to iPhone cameras

A bug in the latest version of iOS opens iPhone cameras as users peruse their Facebook feeds, letting the social media giant access the cameras. “We have seen no evidence of photos or videos being uploaded due to this bug,” a spokesman told the Guardian, confirming that glitch would let the Facebook app “navigate to…

Intel launches security blog, pushes security patches

Intel joined the Patch Tuesday crowd with a platform update that covered 77 vulnerabilities, two of which were rated critical. The chip maker noted the security updates in a new blog the company said it will use to disseminate security updates, bug bounty topics, new security research, and engagement activities within the security research community.…

Microsoft Patch Tuesday covers 13 critical vulnerabilities

Microsoft today issued updates covering 74 vulnerabilities, 13 critical, as part of its November Patch Tuesday roll out with two flaws, CVE-2019-1429 and CVE-2019-1457, catching the eye of several cybersecurity researchers as particularly important. CVE-2019-1429 is a scripting engine memory corruption vulnerability that has been exploited in the wild as a zero day. When exploited…

A light November Patch Tuesday for Adobe

Adobe’s November Patch Tuesday offering focused on several products not normally covered with its monthly security update, including Illustrator, Media Encoder and Animate. None of the patched vulnerabilities have been spotted in the wild. Illustrator CC 2019’s patch covered three vulnerabilities, CVE-2019-7962, CVE-2019-8247 and CVE-2019-8248 with the first being rated important and the last two…

Phishing emails spoof WebEx invites, abuse Cisco open redirect

That WebEx meeting invite you just received may actually be a phishing email that spreads the WarZone remote access trojan by abusing a Cisco open redirect. An open redirect is an app or website vulnerability — caused by improper authentication of URLs — that allows attackers to introduce their own URLs that route users or…

Bugcrowd breaks its weekly bounty payout record

For the first time in Bugcrowd’s seven-year history it paid out more than $500,000 in bounty fees to its white hats in a one-week period. For all of October more than 550 white-hat hacker working with Bugcrowd earned $1.6 million with the top recipient taking home $40,000. “As those on the Bugcrowd platform know, and…

Patched bug allows beaming of malicious apps to NFC-enabled Android devices

Google last month patched an Android bug that could allow attackers to transfer a malicious application to a nearby NFC-enabled device via the Android Beam feature, bypassing security mechanisms in the process. The vulnerability was discovered in early 2019 by the research team at Nightwatch Cybersecurity, which late last month published a company blog post…

breaches hurt stocks

Traders exploit ‘infinite money cheat code’ bug on Robinhood Markets system

Traders are exploiting a glitch in the Robinhood Markets Inc. system – referred to as an “infinite money cheat code” by users in the WallStreetBets forum on Reddit – to excessively tap borrowed funds to trade stocks. The Robinhood Markets system lets traders borrow money from the company or trade on margin for a $5-per-month…

Next post in Security News