Network Security | SC Media

Network Security

Fixed Fortnite flaws could have enabled account takeovers


A series of vulnerabilities in the hugely popular online survival game Fortnite could have allowed malicious actors to take over players’ accounts, prompting developer Epic Games to fix the issues before a major incident transpired, according to researchers who discovered the program. Had the flaws been exploited, attackers could have victimized gamers by viewing their…

Researchers develop proof-of-concept malware for attacking Building Automation Systems


Researchers have developed proof-of-concept malware capable of compromising Building Automation Systems after discovering two critical bugs in a BAS programmable logic controller (PLC). Created by experts at ForeScout, the malware exploits both vulnerabilities in combination with several older flaws that were previously known to the public, according to a ForeScout white paper released today in…

Report: Flaws in PremiSys access system could literally open door for physical intruders


In a case of cybersecurity converging with physical security, researchers have disclosed four vulnerabilities in IDenticard Corp.’s PremiSys building access control system that attackers could exploit to sneak into restricted locations. In a corporate blog post, Tenable, Inc. reported today its researcher Jimi Sebree discovered the zero-day flaws in September 2018, after which time the company…

Microsoft updates brick Windows 7 devices


Microsoft Corp. this Tuesday released two software updates that reportedly rendered some Windows 7-based machines useless by mistake. The problem springs from the implementation of Microsoft’s Jan. 8, 2019, security-only update KB4480960 or Monthly Rollup update KB4480970, in combination with older update KB971033, whose previous iteration dates back to April 2018. The two more recent updates introduced…

Researchers discover hardware-agnostic side-channel attack that exploits OS page cache


Researchers from a combination of academic and corporate backgrounds have disclosed a newly discovered side-channel attack technique that targets the operating system page cache and affects devices regardless of hardware architecture or OS. “The page cache is a pure software cache that contains all disk-backed pages, including program binaries, shared libraries,and other files, and our attacks…

Fearing backlash, IoT hacker ‘TheHackerGiraffe’ no longer sticking neck out for PewDiePie


The hacker who’s taken credit for compromising connected devices such as printers and smart televisions in support of YouTube star PewDiePie has gone dark, apparently due to fears of prosecution as well as death threats. According to multiple reports, the individual known as TheHackerGiraffe deleted his (or her/their) accounts on Twitter, Cloudflare, Patreon and other…

Candid Candiru: Report dredges up details on secretive spyware company


A report from Israeli news outlet Haaretz has ever so slightly lifted the veil on what may be Israel’s second largest commercial provider of offensive cyber tools and spyware, a clandestine company called Candiru. The candiru is South American parasitic catfish that, according to legend, invades swimmers’ urethras. Much like the fish after which it…

Adobe tackles two critical bugs in Acrobat and Reader update


Adobe Systems today released an unscheduled security update for Acrobat and Reader for both the Windows and MacOS operating systems, fixing two critical vulnerabilities in the process. The San Jose, Calif.-based software company identified the issues as a use-after-free bug that can result in arbitrary code execution (CVE-2018-16011) and a security bypass flaw that can lead…

Cisco patches privilege escalation flaw in Adaptive Securty Appliance software


Cisco Systems this week issued an update for its Adaptive Security Appliance (ASA) software, fixing a high-severity vulnerability that could allow authenticated attackers with low-level access to remotely escalate their privileges on Cisco devices with web management access enabled. Designated CVE-2018-15465, the flaw is the result of an improper validation process while using the web management interface.…

IE, Firefox, Chrome and Safari's protection against phishing was tested.

Microsoft issues out-of-band patch for exploited memory corruption bug in Internet Explorer


Microsoft Corporation yesterday released an emergency patch for a remote code execution vulnerability in Internet Explorer that attackers have been actively exploiting in the wild. Designated CVE-2018-8653, the zero-day memory corruption bug results from the mishandling of objects in memory by the JScript component of Internet Explorer’s scripting engine, according to an official advisory from Microsoft, as…

Next post in Security News