Vulnerabilities Archives - Page 15 of 85

CISA Tells Organizations to Patch Linux Kernel Vulnerability Exploited by Malware

Issued by: Security Week

The vulnerability is tracked as CVE-2021-3493 and it’s related to the OverlayFS file system implementation in the Linux kernel. It allows an unprivileged local user to gain root privileges, but it only appears to affect Ubuntu. CVE-2021-3493 has been exploited in the wild by a stealthy Linux malware named Shikitega, which researchers at AT&T Alien…

Vulnerabilities

WordPress Security Update 6.0.3 Patches 16 Vulnerabilities

Issued by: Security Week

WordPress 6.0.3 fixes nine stored and reflected cross-site scripting (XSS) vulnerabilities, as well as open redirect, data exposure, cross-site request forgery (CSRF), and SQL injection flaws. WordPress security company Defiant has shared a description of each vulnerability. Four of them have a ‘high severity’ rating, and the rest have ‘medium’ or ‘low’ severity. “We have…

Vulnerabilities

Zoom for macOS Contains High-Risk Security Flaw

Issued by: Security Week

The vulnerability, which carries a CVSS severity score of 7.3/10, is documented as a debugging port misconfiguration that is opened by the Zoom client on macOS machines. Details from Zoom’s advisory: Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When…

Vulnerabilities

Flaw in Microsoft OME Could Lead to Leakage of Encrypted Data

Issued by: Security Week

Issues with ECB are not unknown. In its Announcement of Proposal to Revise Special Publication 800-38A, NIST wrote, “The ECB mode encrypts plaintext blocks independently, without randomization; therefore, the inspection of any two ciphertext blocks reveals whether or not the corresponding plaintext blocks are equal… the use of ECB to encrypt confidential information constitutes a…

Vulnerabilities

Chrome 106 Update Patches Several High-Severity Vulnerabilities

Issued by: Security Week

All the newly resolved vulnerabilities were discovered by external researchers and the internet giant has handed out $38,000 in bug bounty rewards to the reporters. Based on the bug bounty amounts that Google has paid out, the most severe of the newly addressed flaws is CVE-2022-3445, a use-after-free vulnerability in Skia, the open-source 2D graphics…

Vulnerabilities

Intel Confirms UEFI Source Code Leak as Security Experts Raise Concerns

Issued by: Security Week

Last week, someone announced leaking source code associated with the Alder Lake BIOS — Alder Lake is Intel’s codename for its 12th generation Core processors. The files total nearly 6 Gb and they were made public on GitHub and other websites. Mark Ermolov, a security researcher who specializes in Intel products, analyzed the leaked code…

Vulnerabilities

Personal Information of 123K Individuals Exposed in City of Tucson Data Breach

Issued by: Security Week

The incident was identified at the end of May 2022, but the city concluded its investigation only last month. In a data breach notice on its website, the city says that the incident was the result of compromised network account credentials that allowed the attackers to access files containing the personal information of some individuals….

Vulnerabilities

Cisco Patches High-Severity Vulnerabilities in Communications, Networking Products

Issued by: Security Week

The company has informed customers that its Expressway series and TelePresence Video Communication Server software is affected by two high-severity vulnerabilities. One of them, tracked as CVE-2022-20814 and related to improper certificate validation, can allow a remote, unauthenticated attacker to access sensitive data through a man-in-the-middle attack. Successful exploitation of the flaw can result in…

Vulnerabilities

Insurance Giant Lloyd’s of London Investigating Cybersecurity Incident

Issued by: Security Week

The company says it has detected unusual activity and decided to ‘reset’ its network and systems as a precaution. It shut down all external connectivity, including its delegated authority platforms, in response to the incident. “Following the unusual activity detected on Lloyd’s network, our precautionary work to secure systems has been completed overnight,” a Lloyd’s…

Vulnerabilities

Critical Vulnerabilities Expose Parking Management System to Hacker Attacks

Issued by: Security Week

The flaws were discovered by researchers at industrial cybersecurity firm Claroty in Carlo Gavazzi’s CPY Car Park Server and UWP 3.0 monitoring gateway and controller products. The vendor released patches for the impacted products earlier this year. The Germany-based CERT@VDE, which coordinates the disclosure of vulnerabilities impacting the industrial control system (ICS) and operational technology…