vulnerabilities Archives - Page 29 of 63

ICS Vendors Assess Impact of INFRA:HALT Vulnerabilities

Issued by: Security Week

Forescout Research Labs and JFrog Security Research found a total of 14 vulnerabilities in NicheStack, a TCP/IP stack used by many operational technology (OT) vendors. The flaws, a majority of which have been assigned critical and high severity ratings, can be exploited for remote code execution, denial of service (DoS) attacks, obtaining information, TCP spoofing,…

Vulnerabilities

Devices From Many Vendors Can Be Hacked Remotely Due to Flaws in Realtek SDK

Issued by: Security Week

Firmware security company IoT Inspector said its researchers have identified more than a dozen vulnerabilities in SDKs provided by Realtek to companies that use its RTL8xxx chips. The security flaws can be exploited to cause a denial of service (DoS) condition and for command injection, and some of them can be leveraged by remote attackers…

Malware & Threats

Colonial Pipeline Confirms Personal Information Impacted in Ransomware Attack

Issued by: Security Week

The attack, which took place in May 2021, involved the Darkside ransomware and resulted in the Georgia-based company temporarily shutting down operations and paying $5 million to the attackers to recover stolen information. Most of the money was recovered, the US announced in June. In a notification letter sent to the Maine Attorney General’s Office,…

Software Security

Adobe Plugs Critical Photoshop Security Flaws

Issued by: Security Week

The flaws, rated critical, expose both Windows and MacOS users to code execution attacks, Adobe said in an advisory released Tuesday. The updates, available for Photoshop 2020 and Photoshop 2021, are being pushed via the software’s automatic updating mechanism. Adobe described the vulnerabilities as memory corruption issues with 7.8 CVSS scores. The company also shipped…

Vulnerabilities

Microsoft’s PrintNightmare continues, shrugs off Patch Tuesday fixes

Issued by: Blog Malwarebytes

I doubt if there has ever been a more appropriate nickname for a vulnerable service than PrintNightmare. There must be a whole host of people in Redmond having nightmares about the Windows Print Spooler service by now. PrintNightmare is the name of a set of vulnerabilities that allow a standard user on a Windows network…

Vulnerabilities

Mandiant Snaps Up Attack Surface Management Startup Intrigue

Issued by: Security Week

According to FireEye, Intrigue’s technology will be integrated into the Mandiant Advantage platform, and help customers discover, monitor, and manage risk across their attack surface. “By coupling intelligence on the vulnerabilities that are being exploited by adversaries with visibility across the entire attack surface, Mandiant Advantage with Intrigue’s capabilities advances the ability of today’s overworked…

Vulnerabilities

Microsoft Patch Tuesday: Windows Flaw Under Active Attack

Issued by: Security Week

The zero-day flaw, documented as CVE-2021-36948, is rated “important” with a CVSS base score of 7.8. Microsoft described the vulnerability as a local privilege escalation bug, a suggestion that it is part of a larger software exploit chain. The Windows Update Medic Service is used to repair Windows Update components from damage so that Windows…

Software Security

Adobe Warns of Critical Flaws in Magento, Connect

Issued by: Security Week

As part of its scheduled Patch Tuesday release, Adobe released fixes for 29 documented security vulnerabilities, some serious enough to expose users to code execution, security feature bypass, and privilege escalation attacks. The Adobe Magento patch lists 26 CVEs with severity ratings ranging from critical to important, according to an advisory from San Jose, Calif….

Vulnerabilities

Home routers are being hijacked using vulnerability disclosed just 2 days ago

Issued by: Blog Malwarebytes

The early bird catches the worm. Unless the worm was early enough to hide. On August 3, 2021 a vulnerability that was discovered by Tenable was made public. Only two days later, on August 5, Juniper Threat Labs identified some attack patterns that attempted to exploit this vulnerability in the wild. The vulnerability is listed…

Application Security

Google Patches High-Risk Android Security Flaws

Issued by: Security Week

The latest Android update provides documentation on 33 security bugs, some serious enough to cause privilege escalation or information disclosure compromises. The most important of these is a bug in the Media framework that could lead to elevation of privilege on Android 8.1 and 9 devices, or information disclosure, on Android 10 and 11. The…