Vulnerabilities | SC Media

Vulnerabilities

Mozilla fires up another Firefox update, patching 24 vulnerabilities

The Mozilla Foundation yesterday issued version 67 of its Firefox browser and version 60.7 of Firefox Extended Support Release (ESR), in the process patching 24 vulnerabilities between them, two of them critical. The two most serious flaws consisted of a series of memory bugs found by the browser’s developers and the greater Mozilla community. The first set…

Attempted cyberattacks using EternalBlue exploit soar in recent months

Cyberattacks leveraging the Windows Server Message Block exploit known as EternalBlue have reportedly reached historically high levels over the last few months, even though the vulnerability it affects was patched by Microsoft more than two years ago. In a May 17 blog post, ESET security evangelist Ondrej Kubovic said his company’s telemetry data has revealed…

Slack patches flaw that could allow attackers to hijack downloaded documents

The developers of the work collaboration app Slack have issued a security update for its desktop client following the discovery of a medium-severity download hijack vulnerability that could let attackers modify the location where downloaded files are stored. Malicious actors could exploit the flaw to steal and spy on users’ documents by uploading them to…

‘Thrangrycat’ flaw in millions of Cisco devices could enable ‘Secure Boot’ bypass

Millions of Cisco devices used by corporate, government and military networks contain a logic vulnerability in their Secure Boot process that could allow local, authenticated actors to bypass and disable critical functionality in the Trust Anchor hardware module (TAm) – the bedrock upon which all other trusted computing mechanisms within the devices are built. The hardware…

DHS reduces deadline for agencies to fix vulnerabilities in their systems

The Department of Homeland Security’s U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued a directive that now gives federal agencies a 15-day deadline to remediate critical-level vulnerabilities that are detected on their internet-accessible systems by CISA’s Cyber Hygiene scanning service. Binding Operational Directive 19-02 supersedes BOD 15-01, which when enacted in 2015 gave…

Drupal core patches moderately critical vulnerability

Drupal core released a patch for a moderately critical vulnerability in third-party libraries that could allow bypassing the protection of the Phar Stream Wrapper Interceptor. The vulnerability occurs when untrusted data is used to abuse the logic of the application, according to TYPO3-PSA-2019-007: By-passing protection of Phar Stream Wrapper Interceptor. “In order to intercept file…

NVIDIA update fixes three vulnerabilities in GPU Display Driver

Graphics chip manufacturer NVIDIA last week released a security software update for its GPU Display Driver, fixing three vulnerabilities that, if left untreated, could result in denial of service, escalation of privileges, code execution or information disclosure. The most serious of the three bugs is CVE-2019-5675, a high-severity flaw in the kernel mode layer handler…

Uptick in IoT related data breaches as unsecured devices increase

A recent Ponemon Institute study found that there has been a dramatic increase since 2017 in IoT-related data breaches caused specifically by an unsecured IoT device or application. The study found these breaches account for 26 percent of incidents, up from 15 percent, although the actual number may be greater as most organizations aren’t aware of…
