Cybersecurity Vulnerabilities news & analysis | SC Media

Vulnerabilities News and Analysis

Microsoft researchers find NSA-style backdoor in Huawei laptops

The Microsoft Defender Advanced Threat Protection (ATP) service featured in Windows 10 version 1809 alerted researchers to an NSA-inspired backdoor vulnerability in Huawei laptops. The PCManager software included in some of Huawei’s Matebook systems allows unprivileged users to create processes with superuser privileges, according to a March 25 Microsoft security post. Upon investigation, researchers found a…

Cisco may have released a faulty patch in most recent update

Cisco released 24 patches, many dealing with the company’s IOS XE operating system and 19 of them addressing vulnerabilities rated high severity, although some researchers have reported that two of the high-severity fixes weren’t enough to stop exploitation. Among the crucial patches are those for high-severity vulnerabilities affecting 10,000 of the company’s popular Cisco RV320 and RV325…

Mozilla plugs two critical security holes in Thunderbird

The Mozilla Foundation yesterday issued a security update for its Thunderbird open-source email client, fixing two critical vulnerabilities involving its IonMonkey JavaScript JIT (just-in-time) compiler. The first of the two flaws, CVE-2019-9810, consists of incorrect alias information when using the Array.prototype.slice method, which could result in a missing bound check and buffer overflow. The second…

Asus issues patch, but questions still remain about ShadowHammer

Asus released a patch in the wake of the ShadowHammer malware attack, but despite the fix, researchers are still left wondering how the attack was carried out in the first place. The company said its customer service has been reaching out to the affected users and providing assistance to ensure that the security risks are being removed,…

Researchers: LockerGoga coding error can be exploited to prevent malicious encryption

The LockerGoga ransomware that’s been targeting industrial and manufacturing companies in early 2019 contains a coding error that could potentially be exploited to stop it from encrypting files, researchers say. The mistake pertains to how the malware handles .lnk file extensions, explains a March 25 blog post from threat management company Alert Logic, whose researchers…

Apple’s latest round of security updates includes 51 iOS fixes

Apple yesterday released software updates for seven of its products, fixing a broad range of vulnerabilities. Altogether, the company addressed 51 flaws in iOS, 38 in macOS Mojave, 36 in tvOS, 20 in iCloud for Windows, 20 in Safari, 18 in iTunes for Windows and one in Xcode. Some of the vulnerabilities overlapped between these…

Researchers get free Tesla for finding infotainment system bug

Tesla awarded two researchers a car after they found a vulnerability in the vehicle’s infotainment system, which allowed them to commandeer the vehicle. The exploit was found during the Pwn2Own hacking event held in Vancouver, during which Tesla was the first automaker to participate, and ultimately led to the researchers receiving $375,000 in prizes,…

WordPress plugin zero day exploited in the wild

Hackers are continuing to abuse the recently patched zero-day vulnerability in the WordPress plugin Easy WP SMTP that, if exploited, can give attackers administrative control of a site. The zero day was first exploited in the wild for version 1.3.9 on March 15 and WordPress issued an update pushing out version 1.3.9.0 on…

Critical OpenSSL vulnerability, 'Heartbleed Bug,' enables SSL/TLS decryption

Medtronic defibrillators vulnerable to attack

The Department of Homeland Security is warning users of Medtronic defibrillators of two vulnerabilities that could lead to an attacker accessing and altering the device. The warning, which was issued through the DHS Cybersecurity and Infrastructure Security Agency, covers two vulnerabilities, CVE-2019-6538 and CVE-2019-6540. A complete list of the models affected can be found here.…
