Cybersecurity Vulnerabilities news & analysis | SC Media

Vulnerabilities News and Analysis

Adobe fixes 18 critical vulnerabilities on heels of largest-ever Microsoft Patch Tuesday

Adobe on Tuesday patched 18 critical vulnerabilities – five of them in Illustrator and another five in After Effects. The out-of-band updates came a week after the company patched four flaws in Flash and Microsoft unveiled its largest Patch Tuesday ever, offering updates for 129 vulnerabilities. The After Effects out-of-bounds read, out-of-bounds write and overflow…

Ripple20 bugs in scores of IoT devices reveal third-party code dangers

Hundreds of millions of Internet of Things (IoT) products use a TCP/IP software library containing severe vulnerabilities that can be exploited for remote code execution and complete device takeover, say researchers who also warn that the bug has been extremely difficult to track across the IoT supply chain due to liberal adoption of the third-party…

Vulnerability in Trump campaign app revealed keys and secrets

A security vulnerability in President Trump’s mobile campaign app exposed Twitter application keys and secrets, Google apps and maps keys and Branch.io keys in the Android APK file, researchers at Website Planet recently discovered. A research team led by Noam Rotem and Ran Locar said the exposed keys and secrets provided access to the app’s…

Honeypot study: Unsecured database simulation attacked 18x per day on average

Now there’s proof that every random minute counts when a database is left unsecured on the web. In fact, a recent Comparitech experiment led by researcher Bob Diachenko found that hackers attacked a simulation of an unsecured database an average of 18 times per day. In a June 10 blog post, Comparitech Privacy Advocate Paul…

CallStranger bug in billions of devices can enable data exfiltration, DoS attacks

Billions of Internet of Things and Local Area Network devices that rely on the Universal Plug and Play (UPnP) protocol for discovery of and interaction with other devices are vulnerable to “CallStranger,” a bug that can be exploited to exfiltrate data, launch a denial of service attack or scan ports. The Windows 10 operating system,…

Attackers are using exploit code for SMBGhost bug, CISA warns

Functioning proof-of-concept exploit code now exists for the highly critical “SMBGhost” bug that Microsoft last March patched in its Server Message Block 3.1.1 (SMBv3) protocol, and attackers are taking advantage, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned, citing open-source reports. Designated CVE-2020-0796 and also known as EternalDarkness, the bug can result in…

Cisco security advisories address 47 flaws, three critical

Cisco Systems on Wednesday, June 3 released a series of security advisories addressing a total of 47 vulnerabilities, including three critical bugs that were found and fixed in IOS or IOS XE software. Among the most serious flaws is a privilege escalation vulnerability in the authorization controls of the IOx application hosting infrastructure in Cisco IOS XE…

Fixed Apple sign-in bug could have enabled hijacking of 3rd-party accounts

A security researcher in Delhi, India, reported that Apple paid him $100,000 through its bug bounty program for finding a vulnerability in its Sign in with Apple feature that could have resulted in the takeover of users’ third-party website and app accounts. In a May 30 blog post, researcher Bhavuk Jain explains how he detected the bug that could have fully compromised third-party user accounts, regardless…
