vulnerabilities

Malware & Threats

Issued by: Security Week

Cisco Aware of Attacks Exploiting Critical Firewall Flaw

Cisco informed customers on Wednesday that it has become aware of malicious attacks attempting to exploit a recently patched vulnerability affecting the company’s Adaptive Security Appliance (ASA) software. No other information has been provided by the networking giant, but it’s worth noting that aproof-of-concept (PoC) exploit designed to cause a denial-of-service (DoS) condition on devices running…

Network Security

Issued by: Security Week

The Time to Focus on Critical Infrastructure Security is Now

The world has once again been reminded that the threat of cyber attacks on critical infrastructure systems remains very real. Last month, Britain’s defense secretary, Gavin Williamson, iterated that Russia held the potential for wide disruption and “thousands of deaths” through such attacks. His announcement was the latest indication of increased chatter regarding attacks on critical infrastructure,…

Network Security

Issued by: Security Week

Asus Router Flaws Disclosed by Several Researchers

Several security researchers and companies have recently disclosed the details of potentially serious vulnerabilities they discovered in the past months in various Asus routers. Fortinet reported on Tuesday that its researchers had found a vulnerability in some Asus routers that allows an authenticated attacker to execute arbitrary commands with root privileges.

Vulnerabilities

Issued by: Security Week

Cisco Patches Critical Code Execution Flaw in Security Appliances

Cisco informed customers on Monday that updates released for its Adaptive Security Appliance (ASA) software patch a critical vulnerability that can be exploited to gain full control of devices or cause them to reload. The security hole, tracked as CVE-2018-0101 and assigned a CVSS score of 10, allows a remote and unauthenticated attacker to execute arbitrary code…

Network Security

Issued by: Security Week

Gemalto Licensing Tool Exposes ICS, Corporate Systems to Attacks

A significant number of industrial and corporate systems may be exposed to remote attacks due to the existence of more than a dozen vulnerabilities in a protection and licensing product from Gemalto. Gemalto Sentinel LDK is a software licensing solution used by many organizations worldwide on both their enterprise and industrial control systems (ICS) networks….

Vulnerabilities

Issued by: Security Week

AMD, Apple Sued Over CPU Vulnerabilities

Apple and Advanced Micro Devices (AMD) are also facing class action lawsuits following the disclosure of critical CPU vulnerabilities that affect billions of devices. The Meltdown and Spectre attack methods, which rely on vulnerabilities that have been around for roughly two decades, allow malicious applications to bypass memory isolation mechanisms and access passwords, photos, documents, emails, and…

Vulnerabilities

Issued by: Security Week

Windows Hello Face Recognition Tricked by Photo

The facial recognition-based authentication system in Windows Hello has been bypassed by researchers using a printed photo, but the method does not work in the latest versions of Windows 10. Windows Hello, a feature available in Windows 10, allows users to quickly and easily log into their devices using their face or fingerprints. The face…

Vulnerabilities

Issued by: Security Week

Old Crypto Vulnerability Hits Major Tech Firms

A team of researchers has revived an old crypto vulnerability and determined that it affects the products of several major vendors and a significant number of the world’s top websites. Last month, F5 Networks informed customers that some of its BIG-IP products include a vulnerability that can be exploited by a remote attacker for recovering encrypted data…