Security News

Flaws impacting millions of internet of things devices running NVIDIA's Jetson chips open the door for a variety of hacks, including denial-of-service attacks or the siphoning of data. NVIDIA released patches addressing nine high-severity vulnerabilities including eight additional bugs of less severity.

Organizations have been warned about denial of service vulnerabilities found in RabbitMQ, EMQ X and VerneMQ, three widely used open source message brokers. Message brokers enable applications, systems and services to communicate with each other and exchange information by translating messages between formal messaging protocols.

Synopsys Cybersecurity Research Centre has warned of easily triggered denial-of-service vulnerabilities in three popular open-source Internet of Things message brokers: RabbitMQ, EMQ X, and VerneMQ. The message brokers, responsible for handling data sent to or from IoT devices like smart home hubs and door locks, all share a common protocol: Message Queuing Telemetry Transport, first released in 1999 for monitoring oil pipelines and since repurposed for a variety of home and industrial automation tasks. Any disruption in MQTT messaging could potentially leave users locked out of their homes and offices.

It's the smallest monthly update from the computing giant since 2020, but it does contain a patch for a concerning wormable vulnerability found in the Windows OS. The good news is that none of the vulnerabilities are being actively exploited in the wild, according to Microsoft, though three are listed as publicly known. CVE-2021-26419: A scripting-engine memory corruption vulnerability in Internet Explorer 11 and 9 allowing RCE. CVE-2021-31194: An RCE bug in the Microsoft Windows Object Linking and Embedding Automation.

Vulnerabilities Citrix patched in Hypervisor this week could allow for code executed in a virtual machine to cause denial of service on the host. Tracked as CVE-2021-28038 and CVE-2021-28688, the newly addressed vulnerabilities could be abused to cause the host to crash or become unresponsive.

A design flaw discovered in the architecture of 5G network slicing can allow malicious actors to access potentially sensitive data and launch denial-of-service attacks, mobile network security company AdaptiveMobile Security warned this week. AdaptiveMobile Security discovered that the architecture of 5G network slicing has a serious flaw that can expose the customers of mobile operators to various types of attacks.

Today, the OpenSSL project has issued an advisory for two high-severity vulnerabilities CVE-2021-3449 and CVE-2021-3450 lurking in OpenSSL products. CVE-2021-3450: An improper Certificate Authority certificate validation vulnerability which impacts both the server and client instances.

Cisco informed customers on Wednesday that several of its products are exposed to denial-of-service attacks due to a vulnerability in the Snort detection engine. Cisco says the vulnerability is in the Ethernet Frame Decoder component of Snort.

Jack Wallen shows you an easy way to determine if your Linux server is under a DDoS attack and how to quickly stop it.

Nvidia has patched three vulnerabilities affecting its Jetson lineup, which is a series of embedded computing boards designed for machine-learning applications, in things like autonomous robots, drones and more. A successful exploit could potentially cripple any such gadgets leveraging the affected Jetson products, said Nvidia.