Cybersecurity Vulnerabilities news & analysis | SC Media Vulnerabilities

Vulnerabilities News and Analyis

Cable Haunt RCE vulnerability exposes millions of modems to exploitation

Researchers have disclosed the discovery of a critical remote code execution vulnerability in millions of Broadcom cable modems, including about 200 million in Europe alone. Named Cable Haunt, the flaw consists of a combination of “lack of proper authorization of the web-socket client, default credentials and a programming error in the spectrum analyzer” component of…

Mozilla patches exploited zero-day flaw in Firefox

The Mozilla Foundation yesterday issued a security update for Firefox and Firefox Extended Support Release, which were found to contain an actively exploited, critical vulnerability in the IonMonkey JIT compiler. “Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion,” reads an official advisory posted by Mozilla, citing…

Cisco patches multiple vulnerabilities

Cisco released 14 security advisories on January 8 with two being rated as having a potentially high impact and the remainder listed as medium issues. The two rated high are CVE-2019-16005 and CVE-2019-16009. The first is a Cisco Webex video mesh node comm and injection vulnerability that if exploited could allow an authenticated, remote attacker…

Google reportedly suspends integrations with Xiaomi smart camera due to software bug

Google this month reportedly suspended its integrations with Xiaomi-manufactured Internet of Things devices, after one user’s Xiaomi smart camera began showing images from strangers’ homes while the content was being streamed to a Google Nest Hub. As of Jan. 6, Google has restored all of its Assistant devices’ integrations with Xiaomi products, except for the…

Cisco repairs 12 bugs in its Data Center Network Manager

Cisco Systems this month issued six security advisories disclosing a total of 12 vulnerabilities the Data Center Network Manager, three of them critical. Designated CVE-2019-15975, CVE-2019-15976 and CVE-2019-15977, the three most serious flaws could enable unauthenticated, remote attackers to bypass authentication measures and execute malicious actions with admin-level privileges. Collectively, the trio of vulnerabilities were…

Cisco ASA and Firepower Appliance seeing increased attacks

Cisco Talos is reporting on a vulnerability in the company’s Cisco Adaptive Security Appliance (ASA) and Firepower Appliance that is being openly exploited. The issue, CVE-2018-0296, is a denial-of-service and information disclosure directory traversal bug in the web framework of the appliance. Using a specially crafted URL an attacker could cause the ASA appliance to…

Two information-disclosing bugs found in Twitter Android

In the span of five days, reports of two Twitter Android app vulnerabilities have surfaced: one that could cause attackers to view nonpublic account information or control accounts, and another that reportedly allowed a researcher to look up details on 17 million accounts. In a Dec. 20 blog post, Twitter noted that it issued an…

Citrix vulnerability places 80,000 companies at risk

Vulnerabilities have been uncovered in two Citrix platforms that, if exploited, could give an attacker direct access to a company’s local network, potentially affecting thousands of organizations. The flaws were found in NetScaler Application Delivery Controller and NetScaler Gateway by Positive Technologies researcher Mikhail Klyuchnikov, who believes about 80,000 companies in 158 countries are at…

Drupal’s Archive Tar patches multiple crititical vulnerabilities

Drupal Core announced multiple critical vulnerabilities that impact some of its configurations for versions: 8.8.x-dev, 8.7.x-dev, and 7.x-dev. The Drupal project uses the third-party library Archive_Tar, which released a security update – SA-CORE-2019-012, according to a Dec. 18 advisory. Multiple vulnerabilities are possible if Drupal is configured to allow .tar, .tar.gz, .bz2 or .tlz file uploads and processes them. The latest versions…

Microsoft issues an advisory for a SharePoint vulnerability

Microsoft issued an out of band security advisory for an information disclosure vulnerability in SharePoint Server. The issue, CVE-2019-1491, is has an “important” severity rating and affects SharePoint Enterprise Server 2016, SharePoint Foundation 2010 Pack 2, SharePoint Foundation 2013 Pack 1 and SharePoint Server 2019. If exploited the vulnerability could allow unauthorized file system access…

Next post in Vulnerabilities