Cybersecurity Vulnerabilities news & analysis | SC Media

Vulnerabilities News and Analysis

PHP update fixes arbitrary code execution flaw, 9 other bugs

The Center for Internet Security’s Multi-State Information Sharing and Analysis Center (MS-ISAC) on Friday issued a security advisory urging developers to upgrade to the latest version of PHP in order to patch an arbitrary code execution vulnerability that was found in the programming language. “PHP is prone to a heap-based buffer overflow vulnerability because the…

Apple updates software, fixes flaw affecting third-party keyboard apps

Apple last week released a series of software updates that repaired vulnerabilities in iOS, iPadOS, macOS Mojave, macOS High Sierra, macOS Sierra, watchOS, tvOS, Apple TV Software and Safari. This included a fix for an iOS/iPadOS flaw that, due to improper sandbox restrictions, can grant third-party keyboard extensions full access to iPhone, iPad and iPod…

Cisco addresses multiple bugs in network operating systems

Cisco Systems issued a series of security updates on Wednesday, in the process disclosing 29 vulnerabilities, including 12 high-impact ones. The vast majority were found in its various network operating systems. Affected products include Cisco’s Email Security Appliances, Catalyst 4000 Series Switches, IOx, IOS Software, IOS XE Software, IOS XR Software and NX-OS Software. To…

WordPress Rich Review plugin vulnerable to malvertising

An estimated 16,000 WordPress websites are running a plugin that is vulnerable to unauthenticated plugin option updates. WordFence, a WordPress security solution provider, has reported that the plugin Rich Reviews has a vulnerability that is currently being abused and can be exploited to deliver stored cross-site scripting (XSS) payloads. This can result in malvertisements being…

Reports: Actively exploited zero-day found in vBulletin forum software

The vBulletin internet forum software package reportedly contains a critical zero-day remote code execution vulnerability that attackers have been actively exploiting, possibly as far back as three years ago. Multiple news organizations are reporting that a researcher studying the well-known forum software published a pre-auth RCE exploit for the bug on vBulletin’s Full Disclosure security mailing…

Adobe patches two critical issues with Cold Fusion

Adobe today released an out-of-band security update fixing two critical issues for Cold Fusion 2018 and 2016. The two critical-rated issues are CVE-2019-8073 and CVE-2019-8074. The former allows arbitrary code execution if exploited and the latter leads to an access control bypass. Adobe also patched an important-rated vulnerability, CVE-2019-8072, that could lead to information disclosure…

Microsoft patches flaws in IE, Defender

Microsoft Corp. yesterday issued out-of-band updates for a pair of security vulnerabilities, one in Internet Explorer and one in its Defender anti-malware software for Windows. Discovered by Clément Lecigne of Google’s Threat Analysis Group and designated CVE-2019-1367, the IE bug is a memory corruption vulnerability that can be exploited for remote code execution in the…

Eight cities’ payment records impacted in Click2Gov portal breach

For the second time since 2017, the third-party government bill-payment portal Click2Gov has experienced a significant data breach affecting thousands of individuals in multiple cities across the U.S. Government entities use the Click2Gov portal to accept payments for permits, licenses, fines and utilities. Discovered by fraud intelligence experts at Gemini Advisory, this latest attack compromised…

Chrome security issues addressed with Stable channel update

Google updated its Chrome Stable channel to version 77.0.3865.90 for Windows, Mac, and Linux to implement four security fixes, one rated critical and three high. The critical CVE-2019-13685 covers a use-after-free in UI issue; CVE-2019-13688 (high) deals with a use-after-free in media; CVE-2019-13687 (high) a use-after-free in media and CVE-2019-13686 (high) a use-after-free in offline…
