vulnerabilities Archives - Page 39 of 63

Adobe Patches Code Execution Flaws in Connect, Creative Cloud, Framemaker

Issued by: Security Week

In the Creative Cloud desktop application, Adobe fixed three flaws rated critical, including arbitrary file overwrite and OS command injection issues that can lead to code execution, and an improper input validation issue that can be exploited for privilege escalation. In its Connect product, the company addressed one critical input validation issue that can result…

Mobile Security

Thousands of Mobile Apps Expose Data via Misconfigured Cloud Containers

Issued by: Security Week

The issue, the company notes, is rooted in the fact that many developers tend to overlook the security of cloud containers during the development process. Cloud services help resolve the issue of storage space on mobile devices, and developers have numerous such solutions to choose from, some of the most popular being Amazon Web Services,…

Vulnerabilities

Privilege Escalation Bugs Patched in Linux Kernel

Issued by: Security Week

Identified by Positive Technologies security researcher Alexander Popov, the high severity bugs resided in the virtual socket implementation of the Linux kernel. Tracked as CVE-2021-26708 and featuring a CVSS score of 7.0, the security holes were introduced in Linux kernel version 5.5 in November 2019. The vulnerabilities are the result of race conditions that were…

Vulnerabilities

Intel Paid Out $800,000 Per Year Through Bug Bounty Program

Issued by: Security Week

The chipmaker on Wednesday published its 2020 Product Security Report, which reveals that nearly half of the vulnerabilities patched last year were discovered by its own employees, and the company claims that a vast majority of the addressed issues are the direct result of its investment in product security assurance. According to Intel, 105 vulnerabilities…

Software Security

How Enterprises are Developing Secure Applications

Issued by: Dark Reading

One of the most common ways cybercriminals breach enterprises is by finding security vulnerabilities in the applications they use. The last year delivered a plethora of security challenges. Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure…

Malware & Threats

How SolarWinds Busted Up Our Assumptions About Code Signing

Issued by: Dark Reading

As the fallout from the SolarWinds hack broadens, we continue to learn more about just how it happened in the first place. There have now been four malware strains identified, one being Sunspot, which was installed on the SolarWinds build server that developers use to piece together software applications. When it comes to software supply…

Vulnerabilities

Google Discloses Details of Remote Code Execution Vulnerability in Windows

Issued by: Security Week

The flaw, tracked as CVE-2021-24093, was patched by Microsoft on February 9 with its Patch Tuesday updates. Dominik Röttsches of Google and Mateusz Jurczyk of Google Project Zero have been credited for reporting the issue to Microsoft. A CVSS score of 8.8 has been assigned to the vulnerability, but Microsoft has rated it critical for…

Vulnerabilities

Hackers Scanning for VMware vCenter Servers Affected by Critical Vulnerability

Issued by: Security Week

The flaw, tracked as CVE-2021-21972, affects the vSphere Client component of vCenter Server and it can be exploited by a remote, unauthenticated attacker to execute arbitrary commands with elevated privileges on the operating system that hosts vCenter Server. While in most cases an attacker would need to have access to the targeted organization’s network in…

Software Security

Google Funds Linux Kernel Security Development

Issued by: Security Week

With this funding, Silva and Chancellor will dedicate their work to improving kernel security, as well as to associated initiatives, so that the open source software project remains sustainable in the long run. The pervasive Linux operating system, according to a recent report from the Linux Foundation’s Open Source Security Foundation (OpenSSF) and the Laboratory…

Vulnerabilities

Facebook Announces Payout Guidelines for Bug Bounty Program

Issued by: Security Week

The payout guidelines provide insight into the process used by the company to determine rewards for certain vulnerability categories. Specifically, it provides information on the maximum bounty for each category and describes the mitigating factors that can result in a lower reward. Payment guidelines are currently available for page admin vulnerabilities, for which the top…