Security News

Mozilla fixes Firefox zero-days exploited in the wildMozilla has released an out-of-band security update for Firefox, Firefox Focus, and Thunderbird, fixing two critical vulnerabilities exploited by attackers in the wild. Easily exploitable Linux bug gives root access to attackersAn easily exploitable vulnerability in the Linux kernel can be used by local unprivileged users to gain root privileges on vulnerable systems by taking advantage of already public exploits.

Three high-impact security vulnerabilities have been disclosed in APC Smart-UPS devices that could be abused by remote adversaries as a physical weapon to access and control them in an unauthorized manner. TLStorm consists of a trio of critical flaws that can be triggered via unauthenticated network packets without requiring any user interaction, meaning it's a zero-click attack, with two of the issues involving a case of faulty TLS handshake between the UPS and the APC cloud -.

If you're managing a smart model from ubiquitous uninterrupted power supply device brand APC, you need to apply updates now - a set of three critical zero-day vulnerabilities are making Smart-UPS devices a possible entry point for network infiltration. The vulnerabilities, dubbed "TLStorm" were found in Schneider Electric's APC Smart-UPS products by security firm Armis, which made the info public on Tuesday.

A set of three critical zero-day vulnerabilities now tracked as TLStorm could let hackers take control of uninterruptible power supply devices from APC, a subsidiary of Schneider Electric. UPS devices act as emergency power backup solutions and are present in mission-critical environments such as data centers, industrial facilities, hospitals.

TLStorm exploits expose more than 20 million UPS units to takeover. The exploits come, said Armis head of research Barak Hadad, in a time when even the least likely of devices has an internet connection that turns it into a potential threat.

Three critical security vulnerabilities in widely used smart uninterruptible power supply devices could allow for remote takeover, meaning that malicious actors could cause business disruptions, data loss and even physical harm to critical infrastructure, researchers have found. APC is a subsidiary of Schneider Electric, one of the leading vendors of UPS devices.

Three vulnerabilities in ubiquitous APC Smart-UPS devices could allow remote attackers to use them as an attack vector, disable or completely destroy them, Armis researchers have discovered. "The latest APC Smart-UPS models are controlled through a Cloud connection. Armis researchers found that an attacker exploiting the TLStorm vulnerabilities could remotely take over devices via the Internet without any user interaction or signs of attack. As a result, attackers can perform a remote-code execution attack on a device, which in turn could be used to alter the operations of the UPS to physically damage the device itself or other assets connected to it," the researchers noted.