Cybersecurity Vulnerabilities news & analysis | SC Media

Vulnerabilities News and Analyis

dirty cow

DirtyCOW is back in backdoor attack targeting Drupal Web Servers


Threat actors are using the DirtyCOW bug to exploit a backdoor in Drupal Web Servers. Impreva researcher Nadav Avital spotted the attack on Oct. 31 exploiting the Drupalgeddon2 and DirtyCOW, bugs as well as system misconfigurations to persistently infect vulnerable Drupal web servers and take over user machines, according to a Nov. 19 blog post. Researchers noted this…

Samsung updates Smart TV privacy policy to clarify collection of user data

Study finds privacy concerns amidst Black Friday tech deals


Consumers may want to think twice before taking advantage of the Black Friday discounts offered on the latest Smart TVs after a recent study found 25 percent of Americans worry their conversations are being monitored through their smart TVs. The study was conducted by Propeller Insights on behalf of ExpressVPN  and surveyed 1,000 U.S. adults, finding that 29…

Children’s smartwatches once again found vulnerable


China-based company MiSafe is once again making headlines with its unsecured products after a pen tester found that its child tracking smartwatches were found to be highly insecure. MiSafe previously made controversy after firm’s Mi-Cam baby monitors were found to be susceptible to unauthenticated access and hijacking of arbitrary baby monitors. Pen Test Partners researchers…

Privilege escalation bug patched in Accelerated Mobile Pages WordPress plug-in


A WordPress plug-in used to build faster-loading web pages was discovered to contain a privilege escalation vulnerability that allows unauthorized attackers to inject malicious HTML code into the main page. In a company blog post yesterday, researchers at WebARX disclosed the bug, which resides in the “MP for WP – Accelerated Mobile Pages” plug-in. The…

Study finds medical device security pros may have false sense of security


A recent study surveying healthcare IT professionals found while the majority of them are very confident their connected devices are protected from cyberattacks, there may be some disconnects between the perceived level of security and how secure medical devices are. The 2018 Zingbox Second Annual Connected Medical Device Survey sought input from more than 200…

Top online retailers rated for cybersecurity practices


With Black Friday and Cyber Monday looming only eight days away, and Magecart’s malware being spotted in more than a few retailer point-of-sale systems, consumers should be aware of which online retailers are the best at protecting their customer’s data. To come up with a definitive list LastPass tested the websites of the top 10…

D-Link router vulnerability detailed


Researchers at Synopsys Software Integrity Research Center are recommending those using the D-Link DIR-850L wireless router immediately update its firmware to patch a vulnerability that could allow an unauthorized person to join the network. The issue, CVE-2018-18907, is an authentication flaw affecting routers with hardware revision A and firmware version 1.21B06 Beta and older. Essentially,…

Microsoft’s Patch Tuesday addresses Zero Day vulnerabilities


Microsoft’s Patch Tuesday rollout covered 62 items, 12 rated critical, including patches for a pair of Zero Day vulnerabilities. Among the most worrisome issues addressed with this round of updates is CVE-2018-8589, a Won32k elevation of privilege flaw, that has been spotted in the wild affecting Windows 7, Server 2008 and Server 2008 R2. “This…

Adobe Patch Tuesday updates for Flash Player, Reader, Acrobat and PhotoShop


Adobe’s November Patch Tuesday security updates cover an important patch for Flash Player along with similarly rated patches for Acrobat, Reader and Photoshop. Flash Player and earlier versions for Windows, macOS, Linux and Chrome OS have an out-of-bounds read vulnerability (CVE-2018-15978) that if exploited could lead to information disclosure. Adobe rated it a priority…

Attackers exploit GDPR compliance plug-in for WordPress


A WordPress plug-in that’s supposed to help with GDPR compliance contains a dangerous privilege escalation vulnerability that attackers have been actively exploiting to compromise websites. Known as the WP GDPR Compliance plug-in, the software module helps ensure compliance with Europe’s General Data Protection Regulation by providing tools through which site visitors can permit use of their…

Next post in Cybercrime