Security News

Cisco has patched a high-severity flaw in its NX-OS software, the network operating system used by Cisco's Nexus-series Ethernet switches. If exploited, the vulnerability could allow an unauthenticated, remote attacker to bypass the input access control lists configured on affected Nexus switches - and launch a denial of service attacks on the devices.

While DoS attacks use differing tactics, they most commonly involve sending junk network traffic to overwhelm and crash systems. Cyber espionage attacks meanwhile have seen a downward spiral, dropping from making up 13.5 percent of breaches in 2018 to a mere 3.2 percent of data breaches in 2019.

A proof-of-concept exploit has been made public for a recently patched vulnerability in OpenSSL that can be exploited for denial-of-service attacks. OpenSSL versions 1.1.1d, 1.1.1e and 1.1.1f are affected by a high-severity vulnerability that has been described as a segmentation fault in the SSl check chain function.

An update released on Tuesday for OpenSSL patches a high-severity vulnerability that can be exploited for denial-of-service attacks. The vulnerability impacts OpenSSL versions 1.1.1d, 1.1.1e and 1.1.1f, and it has been patched with the release of version 1.1.1g. Older versions 1.0.2 and 1.1.0, which no longer receive security updates, are not impacted by the flaw.

Vulnerabilities that Videolabs recently addressed in its libmicrodns library could lead to denial of service and arbitrary code execution, Cisco Talos' security researchers warn. The libmicrodns mDNS resolver cross-platform library is used in the VLC media player for mDNS service discovery.

Hackers could have caused a Tesla Model 3's central touchscreen to become unusable simply by getting the targeted user to visit a specially crafted website. A researcher who uses the online moniker Nullze discovered that the Tesla Model 3's web interface is affected by a denial-of-service vulnerability.

NVIDIA addressed the bugs in GPU Display Driver version 442.50, version 432.28, version 426.50, and version 392.59. For Tesla products running R418 versions, GPU Display Driver version 426.50 addresses the flaws.

A serious vulnerability found in the Profinet industrial communication protocol exposes devices from Siemens, Moxa and possibly other vendors to denial-of-service attacks. The company's researchers have confirmed that the vulnerability impacts products from Siemens and Moxa that use Profinet, but they believe products from other vendors may be affected as well.

Online music platform SoundCloud, which can be thought of as an audio-based YouTube for music creators, has addressed several security bugs in its APIs that could lead to denial-of-service or account takeover via credential-stuffing. According to researcher Paulo Silva of Checkmarx Security Research, three different groups of security vulnerabilities were found in the platform: A authentication issue which could lead to account takeover; a rate-limiting bug that could lead to DoS; and an improper input validation.

Siemens' Patch Tuesday updates for February 2020 address serious denial-of-service vulnerabilities in several of the company's products. Siemens SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC products are affected by a high-severity DoS flaw if encrypted communication is enabled.