Security News

NVIDIA has newly disclosed three security vulnerabilities in the NVIDIA Shield TV, which could allow denial of service, escalation of privileges and data loss. The NVIDIA Shield TV is a set-top gadget that acts as a hub for the smart home, streams PC games from a gaming PC to a TV; and allows local and online media playback and streaming.

A vulnerability discovered by a researcher in a BIG-IP product from F5 Networks can be exploited to launch remote denial-of-service attacks. The security flaw was discovered by Nikita Abramov, a researcher at cybersecurity solutions provider Positive Technologies, and it impacts certain versions of BIG-IP Access Policy Manager, a secure access solution that simplifies and centralizes access to applications, APIs and data.

German software maker SAP has published 10 advisories to document flaws and fixes for a range of serious security vulnerabilities. Dealing with multiple vulnerabilities in SAP Business Warehouse, the most important of these issues carry a CVSS score of 9.9.

Researchers have discovered vulnerabilities that expose Rockwell Automation's FactoryTalk Linx and RSLinx Classic products to denial-of-service attacks. According to an advisory published by Rockwell late last month, researchers from cybersecurity firm Tenable discovered a total of four DoS vulnerabilities, three affecting FactoryTalk Linx and one impacting the FactoryTalk Services Platform.

Jack Wallen shows you an easy way to determine if your Linux server is under a DDoS attack and how to quickly stop it. How? In this piece I'm going to show you a few commands that can help you discern if your server is being hit by a denial of service attack, which comes from a single IP address and attempts to cripple a website to render its server inaccessible.

U.S. DHS Cybersecurity and Infrastructure Security Agency has warned admins to upgrade their vulnerable OpenSSL instances immediately. OpenSSL advisory states, one place where the GENERAL NAME cmp function is used is when OpenSSL validates a certificate's CRL distribution point field.

A high-severity flaw in Cisco's IOS XR software could allow unauthenticated, remote attackers to cripple Cisco Aggregation Services Routers. The flaw stems from Cisco IOS XR, a train of Cisco Systems' widely deployed Internetworking Operating System.

"The Cisco Product Security Incident Response Team is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory," according to Cisco in an update released on Wednesday. The most severe of these flaws includes a vulnerability in Cisco Firepower Chassis Manager, which exists in the Firepower Extensible Operating System and provides management capabilities.

UPDATE. A critical security bug in the SonicWall VPN portal can be used to crash the device and prevent users from connecting to corporate resources. "The most notable aspect of this vulnerability is that the VPN portal can be exploited without knowing a username or password," Young told Threatpost.

Cisco Talos this week released the details of several remotely exploitable denial-of-service vulnerabilities found by one of its researchers in an industrial automation product made by Rockwell Automation. Cisco Talos and Rockwell Automation say a total of five high-severity buffer overflow vulnerabilities have been identified.