Vulnerabilities & Flaws | SC Media

EA Origin client bug allows threat actors to run remote code


A vulnerability in the Electronic Arts (EA) online gaming platform Origin could allow an attacker to trick unsuspecting gamers into remotely running malicious code on their computer. Security researchers Daley Bee and Dominik Penner of Underdog Security discovered the bug affecting tens of millions of Windows users with the Origin app installed, according to TechCrunch.…

Adblock Plus exploit allows threat actors to read Gmail and other Google services


Independent security researcher Armin Sebastian discovered a vulnerability in Adblock Plus which can allow hackers to read a victim’s Gmail and look into other Google services. Adblock Plus is the world’s most popular free advertisement blocker with millions of users and extensions that run in all the major web browsers including Chrome, Edge, Firefox, Opera…

Apache Tomcat vulnerability results in remote code execution


Security researchers identified a remote code execution vulnerability on Windows in Apache Tomcat. The vulnerability is rated “Important” and was identified by an external security researcher and reported to the Apache Tomcat security team via the bug bounty program, according to an April 10 blog post. The vulnerability leaves the CGI Servlet at risk due…

VPN apps found insecurely storing session cookies


Researchers with the National Defense ISAC Remote Access Working Group discovered that multiple Virtual Private Network (VPN) applications were insecurely storing authentication and/or session cookies in memory logs and files. The vulnerability would allow an attacker to replay the session and bypass other authentication methods and ultimately grant them access to the same applications as the user…

April Microsoft Patch Tuesday addresses two actively exploited zero-days


Microsoft’s April 2019 Patch Tuesday release included fixes for 74 vulnerabilities, 15 of which were classified as critical and most of which affect the Windows operating system itself, including two actively exploited vulnerabilities. The actively exploited vulnerabilities were two Win32K Elevation of Privilege vulnerabilities, one of which was discovered by the Alibaba Cloud Intelligence Security…

Researchers get free Tesla for finding infotainment system bug


Tesla awarded two researchers a car after they found a vulnerability in the vehicle’s infotainment system which allowed them to commandeer the vehicle. The exploit was found during the Pwn2Own hacking event held in Vancouver, during which Tesla was the first automaker to participate, and ultimately led to the researchers receiving $375,000 in prizes,…

Highly critical Drupal flaw being exploited in the wild


Cybercriminals are actively exploiting a “highly critical” Drupal bug to deliver cryptocurrency miners and other malicious payloads. The remote code execution vulnerability in Drupal Core was announced in a Feb. 20, 2019 security update, and is the result of some field types not properly sanitizing data from non-form sources, leading to arbitrary PHP code execution…

Looming retirement of legacy system custodians puts global IT systems at risk


Government IT systems and critical infrastructure systems around the world are at risk due to legacy technology and the pending retirement of those who have historically maintained these older systems. Of the U.S. General Services Administration’s mission-critical IT staff, 20-50 percent will be eligible to retire by 2024 and 66 percent of U.K. companies have…

77 updates in Microsoft Patch Tuesday


Microsoft released 77 updates, 20 of which were classified as critical, in this month’s Patch Tuesday announcement. The updates included fixes for Microsoft Windows, Office, IE and Edge, resolving a total of 74 unique CVEs this month, including one actively exploited zero-day flaw in Internet Explorer, according to its February Patch Tuesday release. The zero…
