vulnerabilities Archives - Page 41 of 63

Over 1 Million Impacted by Data Breach at Washington State Auditor

Issued by: Security Week

At the heart of the incident, SAO says, was Accellion software used for file transfers. Hackers exploited a security flaw in the file sharing service and gained access to restricted files. Called FTA (File Transfer Application), Accellion’s service in mid-December received a patch for a critical vulnerability impacting less than 50 customers. The fix was…

Malware & Threats

FBI Warns of Employee Credential Phishing via Phone, Chat

Issued by: Security Week

Taking advantage of the COVID-19 pandemic, which has forced the broad adoption of telework, cyber-criminals and threat actors are attempting to exploit possible misconfiguration and lack of monitoring for remote network access and user privileges. An observed shift in tactics, the FBI says, is the targeting of all employee credentials, not exclusively of those individuals…

Network Security

Malvuln Project Catalogues Vulnerabilities Found in Malware

Issued by: Security Week

Malvuln is the creation of security researcher John Page (aka hyp3rlinx), who told SecurityWeek that he came up with the idea when he got bored during a COVID-19 lockdown. The Malvuln website currently has 26 entries describing remotely exploitable buffer overflow vulnerabilities and privilege escalation flaws related to insecure permissions. The list of targeted malware…

Vulnerabilities

Over 70 Vulnerabilities Will Remain Unpatched in EOL Cisco Routers

Issued by: Security Week

A total of 68 high-severity flaws were identified in Cisco’s Small Business RV110W, RV130, RV130W, and RV215W routers, but the company says patches won’t be released, because these devices have reached end-of-life (EOL). The last day for software maintenance releases and bug fixes was December 1, 2020. The security bugs exist because user-supplied input to…

Network Security

Vulnerabilities Can Allow Hackers to Create Backdoors in Comtrol Industrial Gateways

Issued by: Security Week

A researcher at Austria-based cybersecurity consultancy SEC Consult discovered five types of vulnerabilities in Pepperl+Fuchs Comtrol industrial products, including cross-site request forgery (CSRF), reflected cross-site scripting (XSS), blind command injection, and denial-of-service (DoS) issues. The impacted products were found to leverage outdated versions of third-party components that were known to have vulnerabilities, including PHP, OpenSSL,…

Vulnerabilities

Microsoft Releases Out-of-Band Update for Kerberos Authentication Issues

Issued by: Security Week

The issue is related to the PerformTicketSignature registry subkey value in CVE-2020-17049, a security feature bypass bug in Kerberos Key Distribution Center (KDC) that Microsoft fixed on November 2020 Patch Tuesday. CVE-2020-17049, the tech company explains in an advisory, resides in the manner in which KDC determines whether tickets are eligible for delegation via Kerberos…

Vulnerabilities

VMware Patches Vulnerabilities Exploited at Chinese Hacking Contest

Issued by: Security Week

At the 2020 Tianfu Cup International PWN Contest, which took place earlier this month in China, participants earned a total of more than $1.2 million for exploits targeting Chrome, Safari, Firefox, Adobe Reader, Docker, VMware ESXi, CentOS, the iPhone, the Samsung Galaxy S20 phone, Windows, and routers from TP-Link and Asus. The 360 ESG Vulnerability…

Vulnerabilities

Cisco Webex Vulnerability Allows Ghost Access to Meetings

Issued by: Security Week

Identified by IBM’s security researchers, the Webex flaws could allow attackers to join meetings as ghosts (without being seen by other participants), remain in the meeting as a ghost after being expelled, and access information on meeting attendees (names, email addresses and IP addresses). Tracked as CVE-2020-3419, the first of the issues impacts both Webex…

Software Security

macOS Big Sur 11.0.1 Patches 60 Vulnerabilities

Issued by: Security Week

macOS Big Sur 11.0 was officially launched on November 12 and on the same day Apple released its first update, version 11.0.1. The company has advised customers to update to this version — macOS Big Sur 11.0 comes preinstalled on certain Mac models — but there have been reports that the Big Sur update is…

Vulnerabilities

Vulnerabilities Exploited at Chinese Hacking Contest Patched in Firefox, Chrome

Issued by: Security Week

The Firefox vulnerability, tracked as CVE-2020-26950, has been described as an issue related to write side effects in MCallGetProperty opcode not being accounted for. “In certain circumstances, the MCallGetProperty opcode can be emitted with unmet assumptions resulting in an exploitable use-after-free condition,” Mozilla said in an advisory published on Monday. The flaw was fixed with…