Cybersecurity Vulnerabilities news & analysis | SC Media

Vulnerabilities News and Analysis

Have I Been Pwned code base goes open source as it expands

After a failed attempt at a sale, Have I Been Pwned (HIBP) founder Troy Hunt decided to open source the code base for the sprawling database, which has become unwieldy for his singular stewardship. Hunt said the HIBP website, which since 2013 has allowed internet users to check if their data has been compromised and…

Adobe eliminates 11 critical bugs in Acrobat, Reader

For the August edition of Patch Tuesday, Adobe Systems today supplied fixes for 26 vulnerabilities — 11 critical — in Acrobat and Reader and one in its image organization and manipulation software Lightroom Classic. Nine of the 11 critical flaws can result in arbitrary code execution. Two are caused by out-of-bounds write conditions (CVE-2020-9693, CVE-2020-9694), five are…

Adobe mends critical code execution flaws in Magento

Adobe this week released a security update fixing four vulnerabilities – two critical – in its Magento Commerce 2 and Magento Open Source 2 e-commerce platforms. The two most significant bugs are identified as a path traversal flaw (CVE-2020-9689) and a security mitigation bypass (CVE-2020-9692), both of which can result in arbitrary code execution. The first issue was reported by…


‘Boothole’ threatens billions of Linux, Windows devices

A newly discovered serious vulnerability – dubbed “BootHole” – with a CVSS rating of 8.2 could allow attackers to gain total control of billions of Linux and Windows devices. Security firm Eclypsium released details today about how the flaw can take over nearly any device’s boot process. The majority of laptops, desktops, servers,…

Hackers could exploit iDRAC flaw to control EMC PowerEdge servers

Dell issued a patch for a path traversal vulnerability found in the Integrated Dell Remote Access Controller (iDRAC) that could allow criminals to obtain full control of server operations. The vulnerability scored a CVSS rating of 7.1. iDRAC was designed for secure local and remote server management to help IT administrators deploy, update and monitor…

Critical VPN vulnerabilities pose danger to OT networks

The VPN approach to remote security may not be as secure as previously believed, new research has found. That’s particularly troubling given the work-at-home reality brought on by COVID-19, according to a blog post from Claroty. Remote code execution (RCE) vulnerabilities affecting VPN implementations primarily used to provide remote access…

Cisco patches severe traversal vulnerability exploited in wild

Cisco is urging organizations to implement its patch for a high severity directory traversal vulnerability that affected the web services interface of the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software firewall products and which is being actively exploited in the wild. The vulnerability, CVE-2020-3452, stems from the “lack of…


Apple to send research phones to trusted hackers

Apple on Wednesday officially launched its iOS Security Research Device (SRD) program — a significant milestone for the white-hat hacker community, which has made significant strides in recent years gaining the trust of software developers, tech manufacturers and website operators that previously were reluctant to work with outsiders on security issues. Under the terms of…

Adobe fixes 12 critical bugs in second round of July patches

Just one week after issuing its last batch of patches, Adobe Systems has issued additional security updates fixing 13 vulnerabilities, 12 of them critical out-of-bounds read or write flaws that can lead to arbitrary code execution in Prelude, Photoshop or Bridge. One additional bug of “important” severity was located in Mobile Reader, for…
