Vulnerabilities | SC Media



11 security patches released in CUJO Smart Firewall platform


Cisco Talos researchers discovered 11 vulnerabilities in the CUJO Smart Firewall platform which could allow an attacker to ultimately take control of a device by either executing arbitrary code or by uploading and executing unsigned kernels on affected systems. Researchers found the firewall was vulnerable to remote code execution, local code execution, smartphone app code…

Mozilla’s latest Firefox releases fix 22 vulnerabilities


The Mozilla Foundation yesterday issued version 66 of Firefox and 60.6 of Firefox Extended Support Release (ESR), in the process patching 22 vulnerabilities between them, five of them critical. Four of the five most severe flaws were found in both the standard and ESR versions of the web browser. This includes CVE-2019-9790, a use-after-free vulnerability…

Google Photos bug leaked location history


Imperva researchers recently patched a vulnerability in Google Photos that could allow threat actors to track a user’s location history. By exploiting the flaw and using a little social engineering, malicious websites could have exposed when Google Photos were taken, according to the report. Imperva researcher Ron Masas used an HTML link tag to create…

Hack U: Ariana Grande file is one of 100+ ways attackers are exploiting WinRAR bug


Researchers from McAfee have observed more than 100 different exploits for a now-patched 19-year-old remote code execution vulnerability in the WinRAR compression tool since the path traversal bug was disclosed last month. One of the more unusual exploit attempts infects unpatched victims with malware using a bootlegged copy of Ariana Grande’s “Thank U,…

WordPress releases 14 fixes in latest security updates


WordPress has released a security and maintenance patch which introduces 14 fixes and enhancements designed to help hosts prepare users for the minimum PHP version bump in version 5.2. In April 2019, WordPress will raise the minimum PHP version requirement to 5.6, and sites that remain on 5.5 or lower will still receive security…

HHS CISO discusses new threat briefings and alerts for health industry

HHS operating divisions must improve security controls: OIG report


The U.S. Department of Health and Human Services must improve network security controls at its eight operating divisions (OPDIVs) and fix a series of vulnerabilities discovered during an audit, according to a summary report issued earlier this month by the Office of Inspector General (OIG). The audit, conducted back in 2016 and 2017 by a…

Mozilla, Cisco and others sponsor certificate provider Let's Encrypt

GoDaddy, Apple and Google misuse more than 1M certificates


A major operational error has resulted in the issuance of at least one million browser-trusted digital certificates from GoDaddy, Apple and Google that don’t comply with binding industry mandates. The misconfiguration is the result of the open source EJBCA software package that many browser-trusted authorities use to generate certificates that secure websites, encrypt email, and digitally…

Yatron ransomware uses NSA exploits


A ransomware-as-a-service (RaaS) dubbed Yatron plans to spread using EternalBlue and NSA exploits. Oddly enough, researchers noted the ransomware has been promoted on Twitter by its creator who has tweeted promotions to various ransomware and security researchers, according to Bleeping Computer. A security researcher who goes by the name “A Shadow” brought the ransomware to…

Flaws in visitor management systems could roll out welcome mat for attackers


Five kiosk-based visitor management systems designed to securely check guests into business facilities or industrial buildings were found to contain vulnerabilities that could potentially allow attackers to physically intrude into spaces, break into private networks or steal information. Normally, these systems automate the authentication of visitors and provision them with security badges (potentially RFID-enabled) for…

Report: Bug bounty reward totals soared in 2018


The hacker community reported more than 93,000 resolved security vulnerabilities last year and earned roughly $19 million in bug bounties while using HackerOne’s vulnerability disclosure platform, according to the company. The $19 million figure nearly equals the total bug bounty earnings collected over the previous six years of the platform’s existence, HackerOne explains in its…