Security News
An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation. An MHT file, or MIME HTML, is a special file format used by Internet Explorer to store a web page and its resources in a single archive file.
An Internet Explorer 11 zero-day vulnerability used against security researchers, not yet fixed by Microsoft, today received a micropatch that prevents exploitation. An MHT file, or MIME HTML, is a special file format used by Internet Explorer to store a web page and its resources in a single archive file.
Apple on Tuesday released macOS security updates to patch a recently disclosed vulnerability in the Sudo utility. Disclosed during the last week of January 2021, the vulnerability is tracked as CVE-2021-3156, but it's also called Baron Samedit, and it has been lurking in Sudo since July 2011.
SAP has released seven new security notes on February 2021 Security Patch Day, including a Hot News note that addresses a critical flaw in SAP Commerce. Tracked as CVE-2021-21477 and featuring a CVSS score of 9.9, the critical issue could be abused for remote code execution, SAP explains in its advisory.
Automated vulnerability reports generated by scanning tools are returning hundreds, if not thousands of vulnerabilities, and with a great deal of organizations reporting a lack of skilled cybersecurity professionals, teams are already stretched too thin to fix each one. In an effort to resolve this, developers and security professionals have traditionally relied on vulnerability scoring systems to help them prioritize the most critical flaws and streamline remediation efforts.
A hacker's botched attempt to poison the water supply of a small Florida city is raising alarms about just how vulnerable the nation's water systems may be to attacks by more sophisticated intruders. The nation's 151,000 public water systems lack the financial fortification of the corporate owners of nuclear power plants and electrical utilities.
Adobe on Tuesday announced the availability of patches for 50 vulnerabilities across six of its products, including a zero-day vulnerability in Reader that has been exploited in the wild. The exploited vulnerability is tracked as CVE-2021-21017 and it was reported to Adobe anonymously.
Adobe has released security updates that address an actively exploited vulnerability in Adobe Reader and other critical bugs in Adobe Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver. In total, the company addressed fifty security vulnerabilities affecting seven products, with many of them rated as critical as they allow local arbitrary code execution.
An update released last week by Mozilla for Firefox 85 patches a critical information disclosure vulnerability that can be chained with other security flaws to achieve arbitrary code execution. In its advisory for the vulnerability - the bug currently does not have a CVE identifier - Mozilla described it as a "Buffer overflow in depth pitch calculations for compressed textures." The issue, reported by researchers Abraruddin Khan and Omair through Trend Micro's Zero Day Initiative, apparently only impacts Firefox running on Windows - other operating systems are not affected.
NextGen Gallery, a WordPress plugin used for creating image galleries, currently has over 800,000 active installs, making this security update a top priority for all site owners that have it installed. Both of them are Cross-Site Request Forgery bugs which, in the case of the critical vulnerability tracked as CVE-2020-35942, can lead to Reflected Cross-Site Scripting and remote code execution attacks via file upload or Local File Inclusion.