Vulnerabilities & Flaws | SC Media

Vulnerabilities & Flaws

77 updates in Microsoft patch Tuesday

Microsoft released 77 updates, 20 of which were classified as critical, in this month's Patch Tuesday announcement. The updates included fixes for Microsoft Windows, Office, IE and Edge, resolving a total of 74 unique CVEs this month, including one actively exploited zero-day flaw in Internet Explorer, according to its February Patch Tuesday release. The zero…

#WatchOut children’s watch vulnerabilities have gotten

More than a year after announcing the #WatchOut vulnerabilities in Gator brand children’s smartwatches, researchers revisited the platform and found even greater vulnerabilities in Gator and other children’s smartwatch manufacturers. While the initial vulnerabilities spotted in October 2017 allowed unauthorized access, remote audio surveillance, location spoofing, and SOS compromise, recent tests conducted by the Pen…

Attorney claims Apple FaceTime eavesdropping glitch “allowed” recording of deposition

Houston attorney Larry Williams is suing Apple over the recently disclosed FaceTime bug which allows callers to listen to the audio of the recipient before they answer the phone, claiming it allowed the recording of a private deposition. Williams argued Apple was negligent when it allowed the microphone to be used in this way and…

Apple releases updates for iOS, macOS, tvOS, watchOS and other products

Apple Tuesday released updates to address vulnerabilities in several of its products, including its macOS and iOS operating systems. The iOS updates include a patch for a FaceTime vulnerability which would allow a remote attacker to infiltrate a FaceTime call, causing arbitrary code execution, which affected iPhone 5s and later, iPad Air and later, and…

Adobe releases third update in less than a month

Adobe today announced security updates for vulnerabilities in its Experience Manager product that could result in sensitive information disclosure. The updates address a Moderate-rated reflected cross-site scripting vulnerability and an Important-rated stored cross-site scripting vulnerability in Adobe Experience Manager version 6.0 through version 6.4 across all platforms, according to a Jan. 22…

Researchers find Telegram bot chatter is actually Windows malware commands

Decrypted Telegram bot chatter was found to actually be a new Windows malware, dubbed GoodSender, which uses the messenger platform to listen and wait for commands. Forcepoint researchers discovered what they described as a “fairly simple” year-old malware that creates a new administrator account that enables remote desktop once it infects a victim’s device.…

Bluehost and other popular web hosting sites found to be full of flaws

The web-hosting platform Bluehost was found to contain multiple account takeover and information leak vulnerabilities. Independent researcher and bug-hunter Paulos Yibelo has identified four vulnerabilities, one of which is a “High” severity information leak through CORS misconfigurations that could allow attackers to steal personally identifiable information, partial payment details and tokens that can give access…

Schneider Electric car charging station vulnerabilities allowed stolen cables, halted charging

Positive Technologies researchers have released details concerning the vulnerabilities patched last month in the Schneider Electric car charging stations. One of the vulnerabilities (CVE-2018-7800) enables access with maximum privileges to the charging station and could allow an attacker to stop the charging process and switch the device to the reservation mode, making it inaccessible to…

Cisco patches 18 vulnerabilities including a critical memory corruption DoS bug

Cisco issued 18 fixes for vulnerabilities spanning its product line, including a critical flaw which could be triggered by a malicious email and another flaw which could enable a permanent DoS condition, forcing the affected device to stop scanning and forwarding messages. The critical flaw is the result of a memory corruption denial of service…
