Vulnerabilities

Vulnerabilities

Issued by: Security Week

On April 7, at the Pwn2Own 2021 hacking competition, Bruno Keith and Niklas Baumstark of Dataflow Security earned $100,000 for a remote code execution exploit that works against web browsers that are based on Google’s open source Chromium project. The researchers demonstrated the exploit against both Chrome and Microsoft Edge. Visiting a specially crafted website…

Vulnerabilities

Issued by: Security Week

The bug, specifically a memory corruption issue, was found to impact QNAP NAS devices running Surveillance Station versions 5.1.5.4.2 and 5.1.5.3.2, and was addressed in February this year. Tracked as CVE-2020-2501, this security hole is a stack-based buffer overflow that could be abused by remote attackers to execute code on an affected system, without authentication….

Vulnerabilities

Issued by: Security Week

Over the course of three days, participants made 23 attempts, targeting Safari, Chrome, Edge, Windows 10, Ubuntu, Microsoft Teams, Zoom, Parallels, Oracle VirtualBox, and Microsoft Exchange. Oracle VirtualBox was only targeted by one team and their attempt failed. The other products were all hacked by at least one team. Results from Pwn2Own 2021The highest rewards…

Vulnerabilities

Issued by: Security Week

Developed by Greyware Automation Products, Inc., Domain Time II is a time synchronization software designed to help enterprises ensure accurate time across their networks. The suite of tools provides testing, administration, and auditing capabilities. Domain Time II consists of client and server programs, and both use the same executable to check for updates, namely dttray.exe….

Vulnerabilities

Issued by: Security Week

The competition’s organizer, Trend Micro’s Zero Day Initiative (ZDI), said there were seven attempts on the first day and five of them were successful. A team called Devcore earned $200,000 for taking complete control of a Microsoft Exchange server by chaining authentication bypass and local privilege escalation vulnerabilities. A researcher who uses the online moniker…

Vulnerabilities

Issued by: Security Week

With the acceleration of digital transformation and convergence of IT and operational technology (OT) networks, Internet of Things (IoT) and Industrial IoT (IIoT) devices are becoming essential tools for companies in sectors including oil and gas, energy, utilities, manufacturing, pharmaceuticals, and food and beverage. Whether optimizing individual processes or entire factories and other critical infrastructure…

Vulnerabilities

Issued by: Security Week

Tracked as CVE-2021-21982 and featuring a CVSS score of 9.1, the recently addressed vulnerability resides in the administrative interface for the appliance and exists because attackers could bypass authentication through manipulation of a URL on the interface. “A malicious actor with network access to the administrative interface of the VMware Carbon Black Cloud Workload appliance…

Vulnerabilities

Issued by: Security Week

The National Counterintelligence and Security Center warned Thursday that foreign hackers are increasingly targeting vendors and suppliers that work with the government to compromise their products in an effort to steal intellectual property and carry out espionage. The NCSC said it is working with other agencies, including the Cybersecurity and Infrastructure Security Agency, to raise…