Vulnerability | SC Media


Facebook patches denial-of-service flaw in its open-source Fizz TLS implementation


Facebook last month patched a critical denial-of-service vulnerability in Fizz, its open-source implementation of the TLS 1.3 protocol, researchers have reported. Unauthenticated remote attackers could exploit the flaw to send the server into an “infinite loop,” making the web service unavailable to other users and thus disrupting service, according to a March 19 blog…

Xiaomi electric scooter vulnerability allows remote hacks


The Xiaomi M365, a popular electric scooter used by ride-share companies such as BIRD as well as by private owners, is vulnerable to remote hacking due to improper password validation. The scooter offers Bluetooth access that lets the user interact with it for multiple features, including its Anti-Theft System, Cruise-Control,…

#WatchOut children’s watch vulnerabilities have gotten


More than a year after announcing the #WatchOut vulnerabilities in Gator-brand children’s smartwatches, researchers revisited the platform and found even more serious vulnerabilities in Gator watches and in children’s smartwatches from other manufacturers. While the initial vulnerabilities spotted in October 2017 allowed unauthorized access, remote audio surveillance, location spoofing, and SOS compromise, recent tests conducted by the Pen…


Apple releases updates for iOS, macOS, tvOS, watchOS and other products


Apple Tuesday released updates to address vulnerabilities in several of its products, including its macOS and iOS operating systems. The iOS updates include a patch for a FaceTime vulnerability that would allow a remote attacker to infiltrate a FaceTime call and cause arbitrary code execution; it affected iPhone 5s and later, iPad Air and later, and…

Adobe releases third update in less than a month


Adobe today announced security updates for vulnerabilities in its Experience Manager product that could result in sensitive information disclosure. The updates address a Moderate-rated reflected cross-site scripting vulnerability and an Important-rated stored cross-site scripting vulnerability in Adobe Experience Manager versions 6.0 through 6.4 across all platforms, according to a Jan. 22…


Researchers find Telegram bot chatter is actually Windows malware commands


Decrypted Telegram bot chatter was found to be command traffic for a new Windows malware, dubbed GoodSender, which uses the messenger platform to listen and wait for commands. Forcepoint researchers discovered what it described as a “fairly simple” year-old malware that creates a new administrator account and enables remote desktop once it infects a victim’s device.…

Bluehost and other popular web hosting sites found to be full of flaws


The web-hosting platform Bluehost was found to contain multiple account takeover and information leak vulnerabilities. Independent researcher and bug-hunter Paulos Yibelo has identified four vulnerabilities, one of which is a “High” severity information leak through CORS misconfigurations that could allow attackers to steal personally identifiable information, partial payment details and tokens that can give access…
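The CORS misconfiguration class mentioned above is worth seeing side by side with its fix. The following is an added illustrative example, not Bluehost's code or the researcher's findings: a server that reflects any request Origin and allows credentials lets a script on an attacker-controlled page read an authenticated response, whereas an exact-match allowlist does not. The hostnames are assumed for illustration, and the browser check is a simplified model of the same-origin read decision.

```javascript
// Added example (not from the original page): a CORS decision implemented
// two ways, plus a simplified model of the browser's read check.
// Hostnames below are assumptions for illustration only.

// Weak policy: reflect whatever Origin the browser sent and allow credentials.
// Any site the victim visits can then read the authenticated response body.
function corsHeadersReflecting(requestOrigin) {
  if (!requestOrigin) return {};
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Hardened policy: exact-match allowlist of first-party origins, never "*"
// together with credentials, and Vary: Origin so a shared cache does not
// hand one origin's answer to another.
const ALLOWED_ORIGINS = new Set([
  "https://my.example-host.com", // assumed first-party origin
  "https://app.example-host.com", // assumed first-party origin
]);

function corsHeadersAllowlisted(requestOrigin) {
  if (!requestOrigin || !ALLOWED_ORIGINS.has(requestOrigin)) {
    // No Access-Control-Allow-Origin at all: the browser blocks the read.
    return { Vary: "Origin" };
  }
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
    Vary: "Origin",
  };
}

// Simplified model of the browser: may a script running on `readerOrigin`
// read a credentialed (cookie-bearing) response carrying these headers?
function crossOriginReadAllowed(headers, readerOrigin) {
  const acao = headers["Access-Control-Allow-Origin"];
  const acac = headers["Access-Control-Allow-Credentials"];
  if (!acao) return false;
  // Browsers refuse "*" for credentialed requests; it only works without cookies.
  if (acao === "*") return acac !== "true";
  return acao === readerOrigin;
}

// Origins a tester typically sends when probing for reflection: an arbitrary
// site, the "null" origin (sandboxed iframes), a look-alike suffix, and a real one.
const PROBES = [
  "https://evil.example",
  "null",
  "https://my.example-host.com.evil.example",
  "https://my.example-host.com",
];

// Returns the subset of probe origins that would be able to read the response
// under the given policy; anything beyond the first-party origins is a finding.
function probeOrigins(policy, origins) {
  return origins.filter((o) => crossOriginReadAllowed(policy(o), o));
}

if (typeof require !== "undefined" && require.main === module) {
  console.log("reflecting policy leaks to:", probeOrigins(corsHeadersReflecting, PROBES));
  console.log("allowlist policy leaks to:", probeOrigins(corsHeadersAllowlisted, PROBES));
}
```

The probe list reproduces what a bug hunter does by hand with a modified `Origin` header: every origin the reflecting policy echoes back, including `null` and the look-alike suffix, becomes readable cross-site along with the session's cookies, which is how PII and tokens leak; the allowlisted policy admits only the exact first-party origin.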


Schneider Electric car charging station vulnerabilities allowed stolen cables, halted charging


Positive Technologies researchers have released details of the vulnerabilities patched last month in Schneider Electric car charging stations. One of the vulnerabilities, CVE-2018-7800, grants access to the charging station with maximum privileges and could allow an attacker to stop the charging process and switch the device to reservation mode, making it inaccessible to…

Cisco patches 18 vulnerabilities including a critical memory corruption DoS bug


Cisco issued 18 fixes for vulnerabilities spanning its product line, including a critical flaw that could be triggered by a malicious email and another that could cause a permanent DoS condition, forcing the affected device to stop scanning and forwarding messages. The critical flaw is the result of a memory corruption denial of service…


U.S. Supreme Court declines to hear Fiat Chrysler appeal in car hacking case


The U.S. Supreme Court Monday declined to hear Fiat Chrysler’s appeal in a class action lawsuit claiming the automaker knew its vehicles were vulnerable to cyberattacks as early as 2011. The case stems from three car owners who sued the Samsung Electronics Co. subsidiary Harman International Industries, which manufactures the vehicles’ Uconnect infotainment system, and…
