Cybersecurity Vulnerabilities news & analysis | SC Media

Vulnerabilities News and Analysis

NSA urges admins to patch BlueKeep vulnerability

The National Security Agency (NSA) has added its weight to Microsoft’s by strongly recommending that Windows administrators update their systems to protect against the CVE-2019-0708 “BlueKeep” vulnerability. Microsoft issued a patch for CVE-2019-0708 in May, but it’s estimated there are almost one million devices that have not been issued the update and remain vulnerable. The…

Organizations still struggle to manage vulnerability patches, report

Nearly 27 percent of organizations worldwide have been breached as a result of an unpatched vulnerability, according to Tripwire’s 2019 Vulnerability Management Survey. In Europe, companies fare worse, with 34 percent of respondents reporting a breach due to the same cause. Tripwire partnered with Dimensional Research to survey 340 infosecurity professionals on vulnerability management trends…

MacOS 0-Day Flaw exploits ‘Synthetic Clicks’

A security researcher with a history of finding bugs in Apple products discovered a zero-day vulnerability that can bypass Apple’s security protections with “synthetic clicks.” Security researcher Patrick Wardle demonstrated the bug at the Objective by the Sea security conference in Monaco. It affects macOS Mojave and takes advantage of ‘synthetic events’, a macOS automation…

Critical vulnerability found in WordPress plugin Convert Plus

For the second time this week a WordPress plugin has been found vulnerable, this time allowing an attacker to gain administrative privileges in plugin Convert Plus. Convert Plus, which has 100,000 active installs, is a commercial lead generation tool containing a critical-rated “unauthenticated administrator creation” flaw, according to Wordfence. If exploited, the flaw allows an…

WordPress Slick Popup plugin could leave backdoor open to hackers

A vulnerability in the plugin Slick Popup lets hackers get into a WordPress website through a backdoor administrator account. The flaw, found in all versions of Slick Popup up to 1.71 and discovered by researchers at Defiant, is in a feature designed to give the plugin’s developer, Om Ak Solutions, access to websites running Slick…

Bypass vulnerability in MacOS X GateKeeper

Independent researcher Filippo Cavallarin discovered a GateKeeper bypass vulnerability in Apple’s MacOS X that will allow threat actors to execute untrusted code without any warning or the user’s permission. GateKeeper is a mechanism developed by Apple and included in MacOS X that enforces code signing and verifies downloaded applications before allowing them to run on…

Despite patch, nearly 1M devices still vulnerable to ‘BlueKeep’ RCE flaw

Almost 1 million internet-connected devices remain vulnerable to the critical “BlueKeep” remote code execution bug that was recently found in Microsoft’s Remote Desktop Services, despite security fixes that were issued as part of May’s Patch Tuesday earlier this month. Officially designated CVE-2019-0708, the BlueKeep vulnerability could potentially allow unauthenticated attackers to install programs, view or…

EternalBlue believed to be behind crippling Baltimore attack

Baltimore has battled the effects of a ransomware attack that started May 7 and now it seems that a familiar culprit, the National Security Agency (NSA) EternalBlue tool, known to exploit some versions of Microsoft Windows XP and Vista, is behind the city’s misery, which has included a shutdown of many vital systems and services.…

Mozilla fires up another Firefox update, patching 24 vulnerabilities

The Mozilla Foundation yesterday issued version 67 of its Firefox browser and version 60.7 of Firefox Extended Support Release (ESR), in the process patching 24 vulnerabilities between them, two of them critical. The two most serious flaws consisted of a series of memory bugs found by the browser’s developers and the greater Mozilla community. The first set…
