Vulnerability | SC Media

Vulnerability

Autonomous vehicle sensors tricked by “invisible” drone projections of road signs

A group of researchers developed an attack that tricks “Level 0” autonomous vehicle sensors by using drones that project images too quickly for humans to see but slowly enough for the vehicle’s sensors to register. Level 0 autonomy systems advise human drivers but don’t directly operate the vehicle, and Ben Gurion University security researchers performed the experiment…

DHS warns small aircraft are vulnerable to cyberattacks from those with physical access

The Department of Homeland Security (DHS) issued a warning that small aircraft can easily be hacked by threat actors who have physical access to the vehicles. By hacking into the aircraft’s CAN bus system, threat actors can take control of key navigation systems and easily manipulate telemetry data, potentially resulting in loss of control of…

Google researchers discover six iPhone vulnerabilities, one unpatched

Google Project Zero researchers discovered six iPhone security vulnerabilities, one of which remains unpatched, and four of which could lead to the execution of malicious code. All of the vulnerabilities are “interaction-less,” meaning they can be run without any interaction from a user and can be exploited via SMS, MMS, Visual Voicemail, iMessage and Mail, according…

Multiple advisories for various VPN providers

The Cybersecurity and Infrastructure Security Agency (CISA) is warning users of multiple vulnerabilities in Virtual Private Network (VPN) applications. The vulnerabilities are in the Palo Alto GlobalProtect portal and GlobalProtect Gateway interface products, FortiGuard FortiOS system product, and Pulse Security Pulse Connect Secure / Pulse Policy Secure products and could allow threat actors to take…

Banner vulnerability allows remote access to records of more than 60 colleges

At least 62 colleges were affected by a software vulnerability in a program called Banner, operated by Ellucian, that allows threat actors to infiltrate colleges’ private records. The vulnerability, CVE-2019-8978, was reported in May 2019 and allows an attacker to log in to the Banner system with an institutional account and leverage scripts in the…

Cisco releases updates, one ‘Critical,’ two ‘High’ severity ratings

Cisco released security updates for multiple products, some of which contain vulnerabilities that, if exploited, would allow an attacker to take control of an affected system. The patches include fixes for a Cisco Vision Dynamic Signage Director REST API authentication bypass vulnerability, a FindIT Network Management Software static credentials vulnerability, and an IOS Access Points Software…

Drupal patches access bypass vulnerability

Drupal released a security update to patch an access bypass vulnerability in Drupal Core which could allow an attacker to take control of an affected website. The problem exists in Drupal 8.7.4: when the experimental Workspaces module is enabled, an access bypass condition is created. It can be mitigated by disabling the Workspaces module, according…

Researcher finds malware in USG Sony Chip HD 6 Camera surveillance kit.

Zoom finally patches video vulnerability months after discovery

Zoom finally released patches for two long-ago reported vulnerabilities in its platform, including one which allows malicious websites to enable your camera without permission, exposing up to 750,000 companies around the world. Software Engineer Jonathan Leitschuh discovered two vulnerabilities in the Mac Zoom Client back in March 2019, including a Denial of Service (DoS) vulnerability, CVE-2019-13449,…

Cisco releases updates for DoS vulnerability

Cisco released security updates for a “high” rated vulnerability in its Adaptive Security Appliance Software and Firepower Threat Defense Software products that could allow a remote attacker to cause a denial-of-service condition. The vulnerability, CVE-2019-1873, is in the cryptographic driver of the products, according to a July 10 security update. The bug is due to incomplete…
