Cybersecurity Vulnerabilities news & analysis | SC Media

Vulnerabilities News and Analysis

CERT/CC issues warning for Microsoft Exchange 2013

The CERT Coordination Center (CERT/CC) has issued a vulnerability note warning that Microsoft Exchange 2013 and newer versions are vulnerable to NTLM relay attacks. The issue, for which there is no patch or viable solution, is due to a failure by the software to set signing and sealing flags on NTLM authentication traffic, which…

Attackers scanning unpatched Cisco small business routers after exploit code published

Cisco Systems last week issued security advisories for two dozen vulnerabilities, including two high-severity flaws in its Small Business RV320 and RV325 dual gigabit WAN VPN routers, which attackers are reportedly already trying to exploit with published proof-of-concept code. Device owners are advised to immediately download Cisco’s patches for the two exploited flaws, both of…

RCE flaw found in firmware of commonly used Wi-Fi chipset

ThreadX, a real-time operating system (RTOS) that serves as firmware for the Marvell Avastar Wi-Fi chipset, contains a major vulnerability that can enable remote code execution on affected systems, a researcher has reported. Product lines that use Marvell Avastar and thus are potentially endangered by the vulnerability include the Sony PlayStation 4 and Xbox One…

Adobe releases third update in less than a month

Adobe today announced security updates for vulnerabilities in its Experience Manager product that could result in sensitive information disclosure. The updates address a Moderate rated reflected cross-site scripting vulnerability and an Important rated stored cross-site scripting vulnerability in Adobe Experience Manager version 6.0 through version 6.4 across all platforms, according to a Jan. 22…

Critical vulnerability issued for Cisco switches

Cisco has revealed a critical-rated vulnerability in its small business switches software that, if exploited, can allow a remote attacker to bypass the device’s user authentication mechanism. The vulnerability in version 1.4.9.04 of the Cisco software exists because under specific circumstances, the affected software enables a privileged user account without notifying administrators of the system.…

Drupal patches two critical security issues

Drupal released two critical security updates for vulnerabilities that, if exploited, could allow an attacker to take control of an affected system. The patches are for Drupal versions 7.x, 8.5.x, and 8.6.x, and the issues can be rectified by updating to Drupal 7.62, 8.5.9 or 8.6.6. The first critical vulnerability, CVE-2018-1000888, has to do with a third-party component…

Fixed Fortnite flaws could have enabled account takeovers

A series of vulnerabilities in the hugely popular online survival game Fortnite could have allowed malicious actors to take over players’ accounts, prompting developer Epic Games to fix the issues before a major incident transpired, according to researchers who discovered the program. Had the flaws been exploited, attackers could have victimized gamers by viewing their…