Network Security | SC Media

Network Security

Unpatched bug in Windows SymCrypt library could cause DoS condition, warns researcher

Google’s Project Zero vulnerability hunting team has publicly disclosed an unpatched bug in the SymCrypt cryptography library for Windows, which could create a denial of service condition when the user initiates any function that requires cryptography. Project Zero researcher Tavis Ormandy said in a June 11 tweet that even though the problem is of “relatively…

Telegram blames China for DDoS disruptions during Hong Kong unrest

Telegram pointed the finger at Chinese state-sanctioned actors yesterday after a distributed denial of service (DDoS) attack overwhelmed its servers as protests were taking place in Hong Kong. “We’re currently experiencing a powerful DDoS attack, Telegram users in the Americas and some users from other countries may experience connection issues,” the encrypted messaging service said…

Researchers: Pyramid Hotel Group stored security info on openly accessible server

For over a month, U.S.-based hospitality company and franchisee Pyramid Hotel Group (PHG) had been running its intrusion detection system on a unsecured, openly configured server, thereby exposing sensitive information pertaining to its security policies, systems, networks, and application logs, according to researchers. At the time of its discovery by vpnMentor researchers Noam Rotem and…

Despite patch, nearly 1M devices still vulnerable to ‘BlueKeep’ RCE flaw

Almost 1 million internet-connected devices remain vulnerable to the critical “BlueKeep” remote code execution bug that was recently found in Microsoft’s Remote Desktop Services, despite security fixes that were issued as part of May’s Patch Tuesday earlier this month. Officially designated CVE-2019-0708, the BlueKeep vulnerability could potentially allow unauthenticated attackers to install programs, view or…

Google adds to Baltimore’s ransomware woes

A recent attempt by Baltimore government officials to create a workaround that would allow them to email while the city recovers from a ransomware attack was temporarily stymied by Google. Baltimore staffers had started to create Google Gmail accounts as a temporary replacement communication system. However, Google’s automatic security apparatus shut down the accounts as…

Mozilla fires up another Firefox update, patching 24 vulnerabilities

The Mozilla Foundation yesterday issued version 67 of its Firefox browser and version 60.7 of Firefox Extended Support Release (ESR), in the process patching 24 vulnerabilities between them, two of them critical. The two most serious flaws consisted of a series of memory bugs found by the browser’s developers and the greater Mozilla community. The first set…

Slack logo

Slack patches flaw that could allow attackers to hijack downloaded documents

The developers of the work collaboration app Slack have issued a security update for its desktop client following the discovery of a medium-severity download hijack vulnerability that could let attackers modify the location where downloaded files are stored. Malicious actors could exploit the flaw to steal and spy on users’ documents by uploading them to…

‘Thrangrycat’ flaw in millions of Cisco devices could enable ‘Secure Boot’ bypass

Millions of Cisco devices used by corporate, government and military networks contain a logic vulnerability in their Secure Boot process that could allow local, authenticated actors to bypass and disable critical functionality in the Trust Anchor hardware module (TAm) – the bedrock upon which all other trusted computing mechanisms within the devices are built. The hardware…

DHS reduces deadline for agencies to fix vulnerabilities in their systems

The Department of Homeland Security’s U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued a directive that now gives federal agencies a 15-day deadline to remediate critical-level vulnerabilities that are detected on their internet-accessible systems by CISA’s Cyber Hygiene scanning service. Binding Operational Directive 19-02 supersedes BOD 15-01, which when enacted in 2015 gave…

NVIDIA update fixes three vulnerabilities in GPU Display Driver

Graphics chip manufacturer NVIDIA last week released a security software update for its GPU Display Driver, fixing three vulnerabilities that, if left untreated, could result in denial of service, escalation of privileges, code execution or information disclosure. The most serious of the three bugs is CVE-2019-5675, a high-severity flaw in the kernel mode layer handler…

Next post in Security News