Security News

Critical Vulnerability Could Have Allowed Hackers to Disrupt Traffic Lights
2020-06-05 12:33

A critical vulnerability affecting traffic light controllers made by SWARCO could have been exploited by hackers to disrupt a city's traffic lights. Peter Fröhlich, managing director at ProtectEM, told SecurityWeek that the vulnerability was discovered during a security audit conducted for a city in Germany that hired his company to analyze networked traffic systems.

Critical SAP ASE Flaws Allow Complete Control of Databases
2020-06-03 16:51

ASE is used by more than 30,000 organizations globally - including 90 percent of the top banks and security firms worldwide, according to SAP. Researchers disclosed six vulnerabilities that they discovered while conducting security tests for the latest version of the software, ASE 16. While SAP has released patches for both ASE 15.7 and 16.0 in its May 2020 update, researchers disclosed technical details of the flaws on Wednesday, saying "there is no question" that the patches should be applied immediately if they haven't been already.

Defending critical national infrastructure... hmm. Does Zoom count as critical now?
2020-06-03 14:30

Does your IT security model take into account things like pacemakers? According to Dr Victoria Baines, speaking at Infosec Europe, "We also perhaps neglect the idea that critical infrastructure might be inside people" as well as merely carried in their pockets. Baines was speaking during a panel webinar about protecting critical national infrastructure.

Two Critical Flaws in Zoom Could've Let Attackers Hack Systems via Chat
2020-06-03 08:53

Cybersecurity researchers from Cisco Talos revealed today that they discovered two critical vulnerabilities in the Zoom software that could have allowed attackers to hack into the systems of group chat participants or an individual recipient remotely. According to the researchers, successful exploitation of both flaws requires no or very little interaction from targeted chat participants and can be executed just by sending specially crafted messages through the chat feature to an individual or a group.

Two Critical Android Bugs Open Door to RCE
2020-06-02 17:10

Google has addressed two critical flaws in its latest monthly Android update that enable remote code execution on Android mobile devices. The critical bugs exist in the Android System area, and would allow a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.

Android's June 2020 Patches Fix Critical RCE Vulnerabilities
2020-06-02 14:36

Google has started rolling out the June 2020 security patches for the Android operating system, which address a total of 43 vulnerabilities, including several rated critical. This is one of the two critical remote code execution issues patched in System, both affecting Android releases 8.0 through 10.

nCipher provides control of customer-managed keys and critical assets in Azure
2020-06-02 00:00

nCipher Security, an Entrust Datacard company, announces its support for a new key import method for Azure Key Vault, allowing customers to generate and transfer encryption keys to Azure Key Vault using an on-premises or as-a-service nShield HSM, giving them complete control over both their keys and their data security. Azure Key Vault helps safeguard cryptographic keys and secrets that cloud applications and services use.

Get rich quick! Work from home! Earn $100,000 easy – just find a critical flaw in Apple's sign-in system
2020-06-01 23:52

Security researcher Bhavuk Jain has landed a $100,000 payday after he reported a critical flaw in Apple's sign-in system that could be exploited to access countless accounts on sites from Dropbox and Spotify to Airbnb. The security hole affected all third-party apps that use the service - Apple's equivalent of the Facebook and Google sign-in services - and "could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid Apple ID or not."

Critical VMware Cloud Director Flaw Lets Hackers Take Over Corporate Servers
2020-06-01 22:37

Cybersecurity researchers today disclosed details for a new vulnerability in VMware's Cloud Director platform that could potentially allow an attacker to gain access to sensitive information and control private clouds within an entire infrastructure. VMware Cloud Director is a popular deployment, automation, and management software that's used to operate and manage cloud resources, allowing businesses to turn data centers distributed across different geographical locations into virtual data centers.