Vulnerabilities | SC Media

Vulnerabilities

Autonomous vehicle sensors tricked by “invisible” drone projections of road signs

A group of researchers developed an attack to trick “Level 0” autonomous vehicle sensors by using drones that project images too quickly for humans to see but slowly enough for the vehicle’s sensors. Level 0 autonomy systems advise human drivers but don’t directly operate the vehicle and Ben Gurion University security researchers performed the experiment…

Google researchers discover six iPhone vulnerabilities, one unpatched

Google Project Zero researchers discovered six iPhone security vulnerabilities, one of which remains unpatched, and four of which could lead to the execution of malicious code. All of the vulnerabilities are “interaction-less,” meaning they can be run without any interaction from a user and can be exploited via SMS, MMS, Visual Voicemail, iMessage and Mail, according…

Multiple advisories for various VPN providers

The Cybersecurity and Infrastructure Security Agency (CISA) is warning users of multiple vulnerabilities in Virtual Private Network (VPN) applications. The vulnerabilities are in the Palo Alto GlobalProtect portal and GlobalProtect Gateway interface products, FortiGuard FortiOS system product, and Pulse Security Pulse Connect Secure / Pulse Policy Secure products and could allow threat actors to take…

Cisco releases updates, one ‘Critical,’ two ‘High’ severity ratings

Cisco released security updates for multiple products, some of which contain vulnerabilities that, if exploited, would allow an attacker to take control of an affected system. The patches include fixes for a Cisco Vision Dynamic Signage Director REST API Authentication bypass vulnerability, FindIT Network Management Software static credentials vulnerability, and an IOS Access Points Software…

Drupal patches access bypass vulnerability

Drupal released a security update to patch an access bypass vulnerability in Drupal Core which could allow an attacker to take control of an affected website. The problem exists in Drupal 8.7.4: when the experimental Workspaces module is enabled, an access bypass condition is created. It can be mitigated by disabling the Workspaces module, according…

Researcher finds malware in USG Sony Chip HD 6 Camera surveillance kit.

Zoom finally patches video vulnerability months after discovery

Zoom finally released patches for two long-ago reported vulnerabilities in their platform, including one which allows malicious websites to enable your camera without permission, exposing up to 750,000 companies around the world. Software Engineer Jonathan Leitschuh discovered two vulnerabilities in the Mac Zoom Client back in March 2019, including a Denial of Service (DOS) Vulnerability, CVE-2019-13449,…

Highly critical Drupal flaw being exploited in the wild

Cybercriminals are actively exploiting a “highly critical” Drupal bug to deliver cryptocurrency miners and other malicious payloads. The remote code execution vulnerability in Drupal Core was announced in a Feb. 20, 2019 security update, and is the result of some field types not properly sanitizing data from non-form sources, leading to arbitrary PHP code execution…