Cybersecurity Vulnerabilities news & analysis | SC Media

Vulnerabilities News and Analysis

Six Cisco servers compromised when hackers exploited SaltStack Salt flaws

Six Cisco salt-master backend servers were compromised when attackers exploited two recently reported vulnerabilities in SaltStack Salt. Cisco revealed the attacks in an advisory, saying the Cisco Modeling Labs Corporate Edition (CML) and the Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) were vulnerable. In early May one or more attackers exploited the flaws in…

StrandHogg 2.0 bug enables Android app hijacking, poses patching challenge

A critical elevation-of-privilege vulnerability found in Android devices could potentially be exploited, without root access or user permission, to hijack virtually all mobile apps in order to spy on individuals or steal their login credentials. Google has developed a security patch for Android versions 8, 8.1 and 9 — alerting its partners of the update…

Hacker group announces jailbreak for iOS 11 – 13.5

Users of iPhones, iPads and iPod Touches that run on iOS 11 through 13.5 can now jailbreak their devices with new downloadable software from the hacking group Unc0ver. The jailbreak is reportedly made possible thanks to a zero-day kernel vulnerability discovered by Unc0ver hacker @Pwn20wnd. [1, 2, 3] Jailbreaks are hotly anticipated events for certain tech…

Patch round-up: Cisco repairs RCE bug; notable fixes from VMware, Google, Adobe

Cisco Systems on Wednesday fixed a critical remote code execution vulnerability in its Unified Contact Center Express solution — one of a flurry of patches and bug disclosures announced this week by tech giants such as Microsoft, Apple and Google. Found in Unified CCX’s Java Remote Management Interface, the critical Cisco flaw — with a CVSS…

VMware issues workarounds for Salt vulnerabilities in vRealize Operations Manager

VMware has issued workarounds for a pair of vulnerabilities that were earlier disclosed in Salt that directly affect VMware’s vRealize Operations Manager. The vulnerabilities, the critical CVE-2020-11651 and important CVE-2020-11652, impact the Application Remote Collector that was introduced with vRealize Operations Manager 7.5. The SaltStack project previously patched the issues in its own product, but…

Thunderbolt ports vulnerable to hands-on hacks

A threat actor with just five minutes of direct access to a computer’s Thunderbolt port can steal encrypted data and clean out the device’s system memory due to seven specific security lapses in the Intel-developed port. The vulnerabilities, named Thunderspy, were brought to light by Björn Ruytenberg, a graduate student at the Eindhoven University of…

Cisco pushes out almost three dozen security updates

Cisco released a batch of 34 security updates, with 12 being rated as a high priority. Eight of the high-rated advisories impact the company’s Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software, while all of them involve the latter software product. A few of the more critical problems were CVE-2020-3187, a vulnerability…

Threat Profiling in the ICS World: What You Need to Know

Vulnerabilities in two Schneider Electric ICS products reminiscent of Stuxnet

Vulnerabilities reminiscent of Stuxnet found in two Schneider Electric products could allow an attacker to gain operation control of a device by intercepting then retransmitting commands. Trustwave’s Global OT/IoT security research team uncovered the flaws in Schneider’s SoMachine Basic v1.6 and Schneider Electric M221, firmware version 1.6.2.0, Programmable Logic Controller (PLC). By exploiting the flaws,…
