vulnerabilities

Vulnerabilities

Issued by: Security Week

RiskSense has analyzed 54 open source projects in which nearly 2,700 vulnerabilities were reported between 2015 and March 2020. Overall, the Jenkins automation server and MySQL had the most vulnerabilities reported during this timeframe, with more than 600 flaws each. For each of these pieces of software, 15 vulnerabilities were weaponized (i.e. public exploit code…

Vulnerabilities

Issued by: Security Week

VMware Fixes Fusion Vulnerability Introduced by Previous Patch

VMware informed customers in mid-March that it had patched a high-severity privilege escalation vulnerability in Fusion, Remote Console (VMRC) and Horizon Client for Mac. The flaw, tracked as CVE-2020-3950, can be exploited by an attacker with regular user privileges to escalate privileges to root. The researchers who independently reported the issue to VMware, Rich Mirch…

Mobile Security

Issued by: Security Week

Increased Focus on iOS Hacking Leads to Drop in Exploit Prices

Exploit acquisition company Zerodium announced last week that it would no longer be buying certain types of iOS exploits for the next 2-3 months due to surplus. It also announced that prices for iOS exploit chains that require some user interaction and don’t provide persistence will likely drop in the near future. Furthermore, Zerodium’s CEO…

Vulnerabilities

Issued by: Security Week

Flaw in WordPress Plugin Grants Access to Google Search Console

The plugin, Site Kit by Google, was designed to provide site admins with information on how people find and use their websites, providing insights from critical Google tools, straight to the WordPress dashboard. The plugin has over 400,000 active installations. The recently identified security flaw, which has already been patched by Google, is rated critical…

Vulnerabilities

Issued by: CSO

Zoom was a popular online conferencing application before COVID-19 infected the world, but the pandemic drove usage of the service to astronomical levels. Before the virus spread, the platform garnered about 10 million meeting participants a day. By March, that number was 200 million a day. “[W]e did not design the product with the foresight…

Vulnerabilities

Issued by: Security Week

A total of 17 vulnerabilities have been fixed with the release of Adobe Bridge 10.0.4 for Windows and macOS. The critical flaws have been described as stack-based buffer overflow, heap overflow, out-of-bounds write, use-after-free, and other memory corruption issues that can lead to arbitrary code execution. Three of the patched security holes, described as important…

Vulnerabilities

Issued by: Security Week

Sending the malicious link or image was simple, but preparing the attack involved multiple steps that would be difficult to achieve for unsophisticated attackers. “We addressed the issue discussed in this blog and worked with the researcher under Coordinated Vulnerability Disclosure. While we have not seen any use of this technique in the wild, we…

Vulnerabilities

Issued by: Security Week

Google included a total of 32 security fixes in Chrome 81, which was finally promoted to the stable channel, after the current COVID-19 pandemic forced the Internet giant to delay stable releases and roll back some of the recently introduced protections in Chrome. Twenty-three of the patches fix vulnerabilities reported by external security researchers, including…

Mobile Security

Issued by: Security Week

Governments worldwide have released COVID-19 mobile apps to provide citizens with useful information and, in some cases, to track individuals in an effort to contain the coronavirus outbreak. An analysis of dozens of nation and government-sponsored mobile applications for Android released to help with the current COVID-19 pandemic has revealed the existence of privacy risks,…

Network Security

Issued by: Dark Reading

Times of crisis often create opportunities for those looking for vulnerabilities in their opponents. Today’s coronavirus crisis is creating economic and political dislocation, disruption of the commercial status quo, and a breakdown in the fabric of global commerce — not to mention uncertainty and fear. A rapidly growing number of people are already coming to…