Security News

NVIDIA addressed the bugs in GPU Display Driver version 442.50, version 432.28, version 426.50, and version 392.59. For Tesla products running R418 versions, GPU Display Driver version 426.50 addresses the flaws.

A serious vulnerability found in the Profinet industrial communication protocol exposes devices from Siemens, Moxa and possibly other vendors to denial-of-service attacks. The company's researchers have confirmed that the vulnerability impacts products from Siemens and Moxa that use Profinet, but they believe products from other vendors may be affected as well.

Online music platform SoundCloud, which can be thought of as an audio-based YouTube for music creators, has addressed several security bugs in its APIs that could lead to denial-of-service or account takeover via credential-stuffing. According to researcher Paulo Silva of Checkmarx Security Research, three different groups of security vulnerabilities were found in the platform: A authentication issue which could lead to account takeover; a rate-limiting bug that could lead to DoS; and an improper input validation.

Siemens' Patch Tuesday updates for February 2020 address serious denial-of-service vulnerabilities in several of the company's products. Siemens SIMATIC PCS 7, SIMATIC WinCC and SIMATIC NET PC products are affected by a high-severity DoS flaw if encrypted communication is enabled.

Vulnerabilities recently patched in Mini-SNMPD could be abused for denial-of-service attacks or to obtain sensitive information, Cisco Talos' security researchers report. It works on both x86 and ARM platforms running Ubuntu, Alpine Linux, and FreeBSD. Talos' researchers discovered a total of three vulnerabilities in Mini-SNMPD, including two out-of-bounds read bugs and one stack overflow.

Cisco this week informed customers that some of its Small Business Switches are affected by high-severity vulnerabilities that can be exploited to obtain sensitive device information and to launch denial-of-service attacks. The information disclosure vulnerability is caused by the lack of proper authentication controls and it can be exploited by sending specially crafted HTTP requests to the user interface of an affected switch.

Android’s December 2019 updates arrived this week, patching a small list of system and Qualcomm flaws across the operating system’s two patch levels.

One of the vulnerabilities Google addressed in Android with the December 2019 set of monthly patches is a critical vulnerability that could result in a permanent denial of service. read more

The December security update stomped out critical denial-of-service (DoS) and remote-code-execution (RCE) vulnerabilities in the Android operating system.

A group of security researchers from German universities has devised a new class of web cache poisoning attacks that could render victim services unreachable. read more