vulnerabilities

Vulnerabilities

Issued by: Help Net Security

Vulnerabilities in high-performance computer chips could lead to failures in modern electronics

A Washington State University research team has uncovered significant and previously unknown vulnerabilities in high-performance computer chips that could lead to failures in modern electronics. The researchers found they could damage the on-chip communications system and shorten the lifetime of the whole computer chip significantly by deliberately adding malicious workload. Led by Partha Pande, assistant…

Vulnerabilities

Issued by: Security Week

Adobe Patches 87 Vulnerabilities in Acrobat Software

The vulnerabilities impact the Windows and macOS versions of Acrobat and Acrobat Reader DC (Continuous and Classic 2015 tracks), and Acrobat and Acrobat Reader 2017 products. The list of security holes includes various types of critical bugs that can lead to arbitrary code execution, including buffer errors, untrusted pointer dereference, use-after-free, and heap overflow. The…

Vulnerabilities

Issued by: Security Week

Facebook Increases Rewards for Account Hacking Vulnerabilities

According to Facebook, researchers can earn up to $40,000 if they report an account hijacking flaw that does not require any user interaction, and $25,000 if minimum user interaction is required for the exploit to work. The bounty applies to Facebook and other services owned by the company, including Instagram, WhatsApp and Oculus. “By increasing…

Vulnerabilities

Issued by: Security Week

Google Removes Vulnerable Library from Android

The addressed issues include remote code execution bugs, elevation of privilege flaws, and information disclosure vulnerabilities, along with a denial of service. Impacted components include Framework, Media framework, System, and Qualcomm components. “The most severe vulnerability in this section could enable a proximate attacker using a specially crafted file to execute arbitrary code within the…

Network Security

Issued by: Security Week

The zero-day flaw, tracked as CVE-2018-15454, is related to the Session Initiation Protocol (SIP) inspection engine used in the company’s Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. A remote and unauthenticated attacker can exploit the vulnerability to cause an affected device to reload or consume CPU resources, resulting in a denial-of-service (DoS)…

Vulnerabilities

Issued by: Security Week

Adobe Patches 85 Vulnerabilities in Acrobat Products

Acrobat DC and Acrobat Reader DC (Continuous) 2019.008.20071, Acrobat 2017 and Reader DC 2017 (Classic 2017) 2017.011.30105, and Acrobat DC and Reader DC (Classic 2015) 2015.006.30456 patch a total of 85 flaws. The list includes 22 out-of-bounds write issues, 7 heap overflows, 7 use-after-free bugs, 3 type confusion issues, one double-free bug, 3 buffer errors,…

Application Security

Issued by: Dark Reading

Retail Sector Second-Worst Performer on Application Security

The retail industry’s cybersecurity preparedness continues to lag behind almost every other sector despite efforts by the major credit card associations to bolster retail security via the Payment Card Industry Data Security Standard (PCI DSS). Third-party risk management firm SecurityScorecard recently analyzed a total of 1,444 domains in the retail industry with an IP footprint…

Mobile Security

Issued by: Security Week

Google’s Android Team Finds Serious Flaw in Honeywell Devices

Honeywell’s handheld computers are advertised as devices that combine the advantages provided by consumer PDAs with high-end industrial mobile computers. These rugged devices run Android or Windows operating systems and they provide a wide range of useful functions and connectivity features, including Wi-Fi, Bluetooth and compatibility with Cisco products. The devices are used worldwide in…