Vulnerability | SC Media

Vulnerability

Researcher finds malware in USG Sony Chip HD 6 Camera surveillance kit.

Zoom finally patches video vulnerability months after discovery

Zoom finally released patches for two long-ago reported vulnerabilities in their platform including one which allow malicious websites to enable your camera without permission exposing up to 750,000 companies around the world.  Software Engineer Jonathan Leitschuh discovered two vulnerabilities in the Mac Zoom Client back in March 2019 including a Denial of Service (DOS) Vulnerability, CVE-2019–13449,…

Cisco releases updates for DoS vulnerability

Cisco released security updates for a “high” rated vulnerability in its Adaptive Security Appliance Software and Firepower Threat Defense Software products that could allow a remote attacker to cause a denial-of-service condition The vulnerability, CVE-2019-1873, is in the cryptographic driver of the products, according to a July 10 security update. The bug is due to incomplete…

Intel releases updates for Processor Diagnostic tool and SSD DC S4500/S4600 Series

Intel released updates and security advisories  for its Processor Diagnostic Tool and its SSD DC S4500/S4600 Series products, including a high severity flaw in the Processor Diagnostic Tool that could allow the escalation of privilege, denial of service and information disclosure.  “Improper access control in the Intel Processor Diagnostic Tool before version 4.1.2.24 may allow…

On Patch Tuesday, Microsoft unveils fix for critical Windows flaw 'JASBUG'

Microsoft Patch Tuesday addresses two actively exploited zero-days

Microsoft’s July 2019 Patch Tuesday included updates for 77 vulnerabilities, including two actively exploited zero-days and five publicly disclosed vulnerabilities. One of the zero-days, CVE-2019-1132, a privilege escalation vulnerability in the Win32k component, was actively exploited as part of the attack chain by a group of Russian state-funded hackers.  If exploited, this bug could allow…

Adobe’s July Patch Tuesday includes Bridge CC, Experience Manager, Dreamweaver fixes

Adobe’s July 2019 Patch Tuesday included updates for its Adobe Bridge CC , Adobe Experience Manager and Adobe Dreamweaver products. The updates for Experience Manager patched three vulnerabilities, while Bridge and Dreamweaver updates each have one, none of which are labeled as “critical,” and the highest rated vulnerability for each software is rated “important,” according…

patch flaw vulnerability

Cisco releases updates for 10 high-rated vulnerabilities

Cisco released security updates to address vulnerabilities in multiple products that could allow an attacker to take control of an affected system. The updates include patches to 10 flaws rated “high,” including four denial of service (DoS) bugs involving a Web Security Appliance HTTPS Certificate, a Small Business Series Switches HTTP, a Web Security Appliance…

Heaven’s Gate exploit still defiled ten years later to deliver RATs and stealers

Threat actors were spotted using a decade-old antivirus evasion technique in at least three malware distribution campaigns.  A HawkEye Reborn keylogger, Remcos remote access trojan (RAT), and various other cryptocurrency mining trojan campaigns are using the “Heaven’s Gate” technique to avoid antivirus detection, Cisco Talos researchers said in a July 1 blog post. The technique…

Apache advisory addresses incomplete Tomcat update

Apache released a security advisory for Apache Tomcat to address a vulnerability, CVE-2019-10072, which could allow an attacker to cause a denial-of-service condition. The issue was caused by an incomplete fix for the CVE-2019-019 vulnerability that did not address the  window exhaustion on write. “By not sending WINDOW_UPDATE messages for the connection window (stream 0)…

Next post in Vulnerabilities