Cybersecurity Vulnerabilities news & analysis | SC Media

Vulnerabilities News and Analyis

April Microsoft Patch Tuesday addresses two actively exploited zero-days

By

Microsoft April 2019 Patch Tuesday’s release included fixes for 74 vulnerabilities, 15 of which were classified as critical and most of which affect the Windows operating system itself and two actively exploited vulnerabilities. The actively exploited vulnerabilities included two Win32K Elevation of Privilege vulnerabilities on of which was discovered by the Alibaba Cloud Intelligence Security…

Adobe Utah facility

April Adobe Patch Tuesday addresses several critical flaws in Flash, Acrobat and more

By

Adobe released security updates for 15 of its products including Adobe Acrobat and Reader for Windows and macOS to address critical and important vulnerabilities which could lead to arbitrary code execution or worse, in this month’s Patch Tuesday updates. The patches include critical updates for multiple versions of Adobe Acrobat, Flash Player, Shockwave and InDesign…

Security update removes hard-coded credentials from MyCar Controls app

By

Motor vehicle technology and equipment provider AutoMobility Distribution Inc. has updated its MyCar Controls telematics mobile application for iOS and Android in order to eliminate the use of insecure hard-coded credentials. The MyCar app offers geolocation services as well as remote start/stop and lock/unlock capabilities to vehicles that come with a compatible remote start unit.…

patch flaw vulnerability

Samba updates eliminate pair of vulnerabilities

By

The development team behind Samba issued software updates yesterday in order to patch a pair of vulnerabilities in the free re-implementation of the SMB networking protocol. The first vulnerability, CVE-2019-3870, occurs in Samba versions 4.9.x upon the provisioning of a new Active Directory domain controller. During this process, some files in the private/ directory are…

Critical vulnerability found in Duplicate-Page’s WordPress Plugin

By

A critical SQL injection/ PHP Object Injection  vulnerability in Duplicate-Page’s WordPress Plugin can allow attackers to steal sensitive user information. The vulnerability was given a DREAD score of 8.4 for being exploitable by any user with an account on the vulnerable site regardless of privileges and is easy to exploit, Sucuri researchers said in an…

Cisco fixes previously issued flawed patches for routers

By

Cisco fixed two flawed patches for its RV320 and RV325 small business routers, while also revealing two medium-rated additional vulnerabilities. The previously patched vulnerabilities, CVE-2019-1652 and CVE-2019-1653, were improperly patched in September 2018. If it is exploited a remote attacker would be able to inject and run admin commands on a device without a password…

Xiaomi devices came with vulnerability baked into its pre installed security app

By

A preinstalled mobile security app on Xiaomi left user devices more vulnerable than protected, researchers said. Check Point researchers discovered a vulnerability in Xiaomi phones’ “Guard Provider app” that could expose users to attacks caused by the unsecured nature of network traffic to and from the app and the use of multiple SDKs within the…

Critical vulnerability in Apache HTTP Server patched

By

A critical vulnerability in Apache HTTP Server that if exploited could allow an attacker to gain full root control has been patched. The cause, dubbed Carpe Diem by the researcher who discovered it Ambionics engineer Charles Fol, affects Apache HTTP Server versions 2.4.17 to 2.4.38. The vulnerability, CVE-2019-0211, is a privilege escalation issue that happens…

VMware issues critical-rated security updates

By

VMware has issued updates to fix two security issues the company rated as critical, one of which could lead to a remote session hijacking if exploited. The hijacking issue, CVE-2019-5523, was in VMware vCloud Director for Service Providers resolves a remote session hijack vulnerability in the Tenant and Provider Portals. The problem attacker could access…

Next post in Vulnerabilities