Security News

Microsoft Patches IE Zero-Day, 98 Other Vulnerabilities
2020-02-11 19:29

Microsoft disclosed the existence of the Internet Explorer zero-day on January 17, when it promised to release patches and provided a workaround. Microsoft has credited Google's Threat Analysis Group and Chinese cybersecurity firm Qihoo 360 for reporting the vulnerability.

Adobe Patches 42 Vulnerabilities Across Five Products
2020-02-11 16:42

Adobe's February 2020 Patch Tuesday updates fix a total of 42 vulnerabilities across the company's FrameMaker, Acrobat and Reader, Flash Player, Digital Editions and Experience Manager products. While the vulnerabilities have been classified as critical, Adobe believes they are unlikely to be exploited in attacks any time soon.

Which vulnerabilities were most exploited by cybercriminals in 2019?
2020-02-06 06:30

Which ten software vulnerabilities should you patch as soon as possible? Recorded Future researchers have analyzed code repositories, underground forum postings, dark web sites, closed source reports and data sets comprising submissions to popular malware repositories to compile a list of the ten vulnerabilities most exploited by cybercriminals in 2019.

CDPwn vulnerabilities open millions of Cisco enterprise devices to attack
2020-02-05 21:31

If you have Cisco equipment in your enterprise network - and chances are good that you have - you should immediately check which devices are affected by the newly revealed CDPwn vulnerabilities in Cisco's proprietary device discovery protocol and implement patches as soon as possible. "Different models of devices that run Cisco FXOS Software, Cisco IP Camera Firmware, Cisco IP Phone Firmware, Cisco NX-OS Software, Cisco IOS-XR, and Cisco UCS Fabric Interconnects are affected by one or more of these vulnerabilities," a Cisco spokesman told Help Net Security.

Android's February 2020 Update Patches Critical System Vulnerabilities
2020-02-05 04:58

Google this week released the February 2020 set of security updates for the Android operating system, which address a total of 25 vulnerabilities, including 2 rated critical severity. Tracked as CVE-2020-0022, the first of these bugs is a remote code execution vulnerability that is considered critical only on Android 8.0, 8.1, and 9 devices.

Vulnerabilities in Mini-SNMPD Lead to DoS, Information Disclosure
2020-02-04 15:45

Vulnerabilities recently patched in Mini-SNMPD could be abused for denial-of-service attacks or to obtain sensitive information, Cisco Talos' security researchers report. Mini-SNMPD works on both x86 and ARM platforms running Ubuntu, Alpine Linux, and FreeBSD. Talos' researchers discovered a total of three vulnerabilities in Mini-SNMPD, including two out-of-bounds read bugs and one stack overflow.

Trend Micro Patches More Vulnerabilities in Anti-Threat Toolkit
2020-02-03 13:32

An update announced last week by Trend Micro for its Anti-Threat Toolkit addresses some additional attack methods related to a vulnerability initially patched in October 2019. Researcher Stefan Kanthak has also analyzed the vulnerability and discovered that Trend Micro has failed to patch it completely.

Researcher Finds Over 60 Vulnerabilities in Physical Security Systems
2020-01-31 12:32

A researcher has discovered more than 60 vulnerabilities across 20 physical security products, including critical flaws that can be exploited remotely to take complete control of a device. The DHS's Cybersecurity and Infrastructure Security Agency recently published an advisory to warn users of Honeywell's MAXPRO video management system and network video recorder products that Austria-based researcher Joachim Kerschbaumer had identified two serious vulnerabilities that could allow hackers to take control of affected systems.

Hackers Can Earn $20,000 for Xbox Vulnerabilities
2020-01-30 19:35

Microsoft on Thursday announced the launch of an Xbox bug bounty program with rewards of up to $20,000 for critical remote code execution vulnerabilities. The company is hoping to receive reports describing XSS, CSRF, IDOR, insecure deserialization, injection, server-side code execution, security misconfigurations, and the use of components with known vulnerabilities.

Magento patches critical code execution vulnerabilities, upgrade ASAP!
2020-01-30 10:08

Adobe-owned Magento has plugged multiple critical vulnerabilities in its eponymous content management system, the most severe of which could be exploited by attackers to achieve arbitrary code execution. According to the newest Magento-themed security bulletin, three of the six fixed flaws are critical and three are important.