Cybersecurity Vulnerabilities news & analysis | SC Media

Vulnerabilities News and Analyis

Hackers could exploit iDRAC flaw to control EMC PowerEdge servers

Dell issued a patch for a path traversal vulnerability found in the Integrated Dell Remote Access Controller (iDRAC) that could allow criminals to obtain full control of server operations. The vulnerability scored a CVSS rating of 7.1. iDRAC was designed for secure local and remote server management to help IT administrators deploy, update and monitor…

Critical VPN vulnerabilities pose danger to OT networks

The VPN approach for remote security may not be as secure as previously believed, new research has found. That’s particularly troubling, which is especially unfortunate given on the work-at-home reality brought on by COVID-19, according to a blog post from Claroty. Remote code execution (RCE) vulnerabilities affecting VPN implementations primarily used to provide remote access…

Cisco patches severe traversal vulnerability exploited in wild

Cisco is urging organizations to implement its patch for a high severity directory traversal vulnerability that affected the web services interface of the Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software firewall products and which is being actively exploited in the wild. The vulnerability, CVE-2020-3452, stems from the “lack of…

Apple Store

Apple to send research phones to trusted hackers

Apple on Wednesday officially launched its iOS Security Research Device (SRD) program — a significant milestone for the white-hat hacker community, which has made significant strides in recent years gaining the trust of software developers, tech manufacturers and website operators that previously were reluctant to work with outsiders on security issues. Under the terms of…

Adobe fixes 12 critical bugs in second round of July patches

Just one week after issuing its last batch of patches, Adobe Systems has issued additional security updates fixing 13 vulnerabilities, 12 of them critical out-of-bounds read or write flaws that can lead to arbitrary code execution in either Prelude, Photoshop or Bridge. One additional bug of “important” severity was all located in Mobile Reader, for…

Legacy ICS puts critical infrastructure at risk

By using search engines dedicated to scanning all open ports, or scanning the ports themselves, hackers can remotely take control of critical private and public U.S. infrastructure run largely by industrial control systems (ICS) that weren’t built with security in mind. American water and energy providers are particularly vulnerable to cyberattack because their legacy ICSs…

Critical SAP flaw puts 40,000 users at risk

More than 40,000 SAP users of an estimated 2,500 internet facing systems should move quickly to patch a Remotely Exploitable Code On NetWeaver (RECON) vulnerability that scored a 10 out of 10 on the bug-severity CVSS scale and which could give an attacker full enterprise control. Noting that “this is the second major Java-based 0-day in…

Microsoft sounds alarm to fix wormable bug “SIGRed”

Microsoft Corporation on Patch Tuesday addressed 123 vulnerabilities — 18 of them critical — including a “wormable” flaw in Windows DNS Service that could be leveraged to execute remote code in the context of the Local System Account and then spread malware across various network devices. Officially designated CVE-2020-1350, the wormable flaw is caused by…

Patch Tuesday: Adobe eliminates four critical bugs

Adobe Systems on Patch Tuesday issued fixes for 13 vulnerabilities — four critical — spread out among five products, including Download Manager, ColdFusion, Genuine Service, Media Encoder and the Creative Cloud Desktop Application. Download Manager 2.0.0.518 for Windows contains a command injection flaw (CVE-2020-9688), that can cause arbitrary code execution. Discovered by researcher Dhiraj Mishra,…

Flaws in SETracker watch app posed danger to dementia patients

Security researchers found flaws in a smart tracker that was aimed at the elderly, especially those with dementia or other cognitive issues. In research released late this week, Pen Test Partners found flaws in source code that the manufacturer posted publicly. Most of the watches use SETracker as a backend, an app owned by the…

Next post in Security News