Archive for the ‘Security vulnerabilities’ Category

Serious Security: OpenSSL fixes two high-severity crypto bugs

We’re sure you’ve heard of OpenSSL, and even if you aren’t a coder yourself, you’ve almost certainly used it. OpenSSL is one of the most popular open-source cryptography libraries out there, and lots of well-known products rely on it, especially on Linux, which doesn’t have a standard, built-in encryption toolkit of its own. Even on Windows […]

Exploiting Spectre Over the Internet

Google has demonstrated exploiting the Spectre CPU attack remotely over the web: Today, we’re sharing proof-of-concept (PoC) code that confirms the practicality of Spectre exploits against JavaScript engines. We use Google Chrome to demonstrate our attack, but these issues are not specific to Chrome, and we expect that other modern browsers are similarly vulnerable to this exploitation vector. We […]

Expert publishes PoC exploit code for Microsoft Exchange flaws

On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in the wild. The IT giant reported that at least one China-linked APT group, tracked as HAFNIUM, chained these vulnerabilities to access on-premises Exchange servers to access email […]

Apple fixes CVE-2021-1844 RCE that affects iOS, macOS, watchOS, and Safari

Apple has released out-of-band security patches for iOS, macOS, watchOS, and the Safari web browser to address a critical security flaw tracked as CVE-2021-1844. The vulnerability was discovered by Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research. The flaw could be exploited by remote attackers to run […]

How one man silently infiltrated dozens of high-tech networks

We know what you’re thinking: “I bet you this is what they call a supply chain attack.” And you’d be right. The “one man” in the headline is cybersecurity researcher Alex Birsan, and his paper Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies, which came out last week, will tell you […]

223 vulnerabilities identified in recent ransomware attacks

Google launches Open Source Vulnerabilities (OSV) database

Google last week announced the OSV (Open Source Vulnerabilities), a vulnerability database and triage infrastructure for open source projects. The database aims at helping both open source maintainers and consumers of open source projects. The archive could allow users and maintainers of open-source software to find the vulnerabilities that affect them, providing detailed info about […]

Skype ‘spoofing vulnerabilities’ are a haven for social engineering attacks

Microsoft doesn’t feel the bugs are important enough to fix immediately, although one researcher disagrees. Several purported security flaws in Skype have been disclosed publicly, but Microsoft claims they do not need “immediate security servicing”. On February 2, researcher “mr.d0x,” also known as “TheCyberSecurityTutor”, publicly disclosed a “plague” of spoofing vulnerabilities in the Microsoft-owned remote […]

Open source vulnerabilities go undetected for over four years

GitHub has analyzed over 45,000 active directories and found that open source vulnerabilities often go undetected for more than four years. Source: Open source vulnerabilities go undetected for over four years – Help Net Security

Expert discloses unpatched Safari flaw that allows stealing local files

A researcher disclosed technical details of an unpatched vulnerability in Apple’s Safari web browser that can be exploited to steal files from the targeted system. Source: Expert discloses unpatched Safari flaw that allows stealing local files

Mozilla offers rewards for Bypassing Firefox Exploit Mitigations

Mozilla has expanded its bug bounty program including rewards for bypass methods for the exploit mitigations and security features in Firefox. Source: Mozilla offers rewards for Bypassing Firefox Exploit Mitigations

IBM finds vulnerability in IoT chips present in billions of devices

Manufactured by Thales, the EHS8 module family has security flaws that could allow attackers to take total control over internet-connected industrial machines. Source: IBM finds vulnerability in IoT chips present in billions of devices

FritzFrog cryptocurrency P2P botnet targets Linux servers over SSH

Researchers spotted a new sophisticated peer-to-peer (P2P) botnet, dubbed FritzFrog, that has been actively targeting SSH servers since January 2020. Source: FritzFrog cryptocurrency P2P botnet targets Linux servers over SSH

Google Chrome will warn users when submitting insecure forms

Google Chrome will warn users when submitting insecure forms that deliver information via HTTP connections on HTTPS websites starting with version 86. Source: Google Chrome will warn users when submitting insecure forms

PoC exploit code for two Apache Struts 2 flaws available online

Security researchers have discovered a PoC code and exploit available online that can be used to trigger unpatched security flaws in Apache Struts 2. Security researchers have discovered a PoC code and exploit available on GitHub that can be used to trigger the security vulnerabilities in Apache Struts 2. The Proof-of-concept exploit code was released last […]

If you haven’t yet patched this critical hole in SAP NetWeaver Application Server, today is not your day

Full details of security vuln plus proof-of-concept exploits revealed. This critical-severity bug – scoring 9.9 out of 10 on the CVSS v3 meter – can be exploited by a rogue authenticated user, or someone whose access has been hijacked, to inject arbitrary code into an application server. This means they can run malicious commands they […]

Someone’s scanning gateways, looking for those security holes Citrix told you not to worry too much about

Hackers hit honeypots hours after CISO downplays risk, proof-of-concept exploit code emerges. Source: FYI: Someone’s scanning gateways, looking for those security holes Citrix told you not to worry too much about

Google open-sources Tsunami vulnerability scanner

Google says Tsunami is an extensible network scanner for detecting high-severity vulnerabilities with as few false positives as possible. Source: Google open-sources Tsunami vulnerability scanner | ZDNet. The scanner has been used internally at Google and has been made available on GitHub.

Good Cyber Hygiene in a Post-Pandemic World Starts with Us

Three ways that security teams can improve processes and collaboration, all while creating the common ground needed to sustain them. Source: Good Cyber Hygiene in a Post-Pandemic World Starts with Us

Flaws in device drivers from 20 vendors allow hackers to install a persistent backdoor

Researchers discovered multiple flaws in more than 40 drivers from at least 20 different vendors that could be used to install a persistent backdoor on Windows PCs. Source: Flaws in device drivers from 20 vendors allow hackers to install a persistent backdoor
