Cybersecurity Vulnerabilities news & analysis | SC Media

Vulnerabilities News and Analysis

Microsoft issues out-of-band fix for leaked ‘EternalDarkness’ bug

Due to an apparent error in the Microsoft vulnerability disclosure process, news of an unpatched, critical Microsoft Server Message Block (SMB) vulnerability leaked to the public this past Patch Tuesday. In response to this occurrence, Microsoft today issued an out-of-band security update fixing the flaw. If exploited, the bug could result in a wormable remote…

Intel issues nine security advisories

Intel rolled out nine security advisories for a variety of components associated with its processors and graphics drivers, with four having a high severity rating and the remainder medium. The high-rated advisory for Intel graphics drivers contains 17 CVEs, which if left unpatched and exploited could lead to escalation of privilege, denial of service and…

Zero day found in Zoho One Desktop Central

Cloud software provider Zoho One has pushed out an update patching a zero-day vulnerability that could allow remote attackers to execute arbitrary code on affected installations of its ManageEngine Desktop Central product. The vulnerability, CVE-2020-10189, carries a CVSS rating of 9.8 and was discovered by security researcher Steven Seeley of Source Incite. In his advisory,…

Cisco fixes three high-level bugs, but a fourth remains unpatched

Cisco Systems this week disclosed a dozen software vulnerabilities, including four high-severity flaws, one of which has not been patched. The flaw with no current fix is CVE-2020-3155: a validation error in the SSL implementation of Cisco Intelligent Proximity, a solution that helps laptops, smartphones and other devices automatically discover and link with Webex…

Flaw impacts most new Intel chipsets

A vulnerability was found in most of the Intel chipsets released in the last five years that could allow an attacker to extract the chipset key stored on the PCH microchip and obtain access to data encrypted with the key. The issue, CVE-2019-0090, was found by Positive Technologies and resides in the Intel Converged Security…

KrØØk vulnerability could allow crooks to intercept WiFi data packets

ESET researchers revealed during a talk at RSA Conference 2020 a vulnerability found in more than one billion WiFi-enabled devices and access points that could allow an attacker to partially read encrypted data being transmitted. Dubbed KrØØk, CVE-2019-15126 is a previously unknown vulnerability found in WiFi chips from Broadcom and Cypress. These are not only…

White hat hackers find thousands of vulnerabilities: DoD

The U.S. Department of Defense’s Cyber Crime Center (DC3) received more than 2,800 validated vulnerability reports from a variety of sources, according to its 2019 Vulnerability Disclosure Program (VDP). In 2019 the VDP processed 4,013 vulnerability reports establishing that 2,816 were in fact previously unknown vulnerabilities, according to the VDP’s annual report. The VDN was…

Cisco issues 17 security updates

Cisco released 17 security updates in the past week, with eight considered to have a potentially high impact and the remainder rated medium. The updates cover a variety of products and services with the high-rated vulnerabilities leading to a denial of service or a command line interface (CLI) command injection issue if exploited. The DoS…
