Security News

Patch time! NVIDIA fixes kernel driver holes on Windows and Linux
2020-06-25 18:24

In contrast, a high-end GPU might have 2000 to 5000 cores, but they aren't each able to run completely different instructions at the same time. Servers fitted with GPUs probably need two sets of patches, covering both the NVIDIA GPU drivers that control the actual hardware in the physical system, and the NVIDIA vGPU software, which shares out physical GPUs between guest operating systems running under virtualisation software from vendors including Citrix, Red Hat and VMWare.

Nvidia Warns Windows Gamers of Serious Graphics Driver Bugs
2020-06-25 14:44

Graphics chipmaker Nvidia has fixed two high-severity flaws in its graphics drivers. Nvidia's graphics driver for Windows is used in devices targeted to enthusiast gamers; it's the software component that enables the device's operating system and programs to use its high-level, gaming-optimized graphics hardware.

Self-Propagating Lucifer Malware Targets Windows Systems
2020-06-24 21:20

Security experts have identified a self-propagating malware, dubbed Lucifer, that targets Windows systems with cryptojacking and distributed denial-of-service attacks. "Lucifer is a new hybrid of cryptojacking and DDoS malware variant that leverages old vulnerabilities to spread and perform malicious activities on Windows platforms," said researchers with Palo Alto Networks' Unit 42 team, on Wednesday in a blog post.

Microsoft promises to fix Windows 10 printer problem
2020-06-18 14:01

Windows 10 updates released as part of last week's Patch Tuesday appear to be making life hard for some printer users. Windows cannot print due to a problem with the current printer setup.

Drupal Patches Code Execution Flaw Most Likely to Impact Windows Servers
2020-06-18 12:37

Updates released this week by Drupal patch several vulnerabilities, including a flaw that could allow an attacker to execute arbitrary PHP code. The code execution vulnerability, tracked as CVE-2020-13664, can be exploited against Drupal 8 and 9 installations, but only in certain circumstances.

Adobe Acrobat DC Gets Protected Mode on Windows
2020-06-18 08:43

Adobe this week announced that it has introduced a protected mode in Adobe Acrobat DC for Windows. The Protected Mode in Acrobat DC is aimed at ensuring addition layers of security are available for users, thus improving the protection of desktop environments from potentially malicious code.

Wailing Wednesday follows Patch Tuesday as versions of Windows 10 stop playing nicely with plugged-in printers
2020-06-12 18:20

Windows 10 users woke up to borked printers following the monthly Microsoft bugfix party, Patch Tuesday. The timing is unfortunate since many Windows 10 users are now working from home and relying on directly connected printers for remote working.

A Bug in Facebook Messenger for Windows Could've Helped Malware Gain Persistence
2020-06-11 14:35

Cybersecurity researchers at Reason Labs, the threat research arm of security solutions provider Reason Cybersecurity, today disclosed details of a vulnerability they recently discovered in the Facebook Messenger application for Windows. The vulnerability, which resides in Messenger version 460.16, could allow attackers to leverage the app to potentially execute malicious files already present on a compromised system in an attempt to help malware gain persistent/extended access.

'SMBleed' Vulnerability Impacts Windows SMB Protocol
2020-06-10 17:46

One of the vulnerabilities that Microsoft addressed on June 2020 Patch Tuesday is a Server Message Block protocol bug that could allow an attacker to leak kernel memory remotely, without authentication. Called SMBleed and tracked as CVE-2020-1206, the vulnerability could be chained with SMBGhost, a flaw addressed in March 2020, to achieve pre-authentication remote code execution, security researchers with ZecOps reveal.

Microsoft Patches Critical Code Execution Vulnerabilities in Windows, Browsers
2020-06-10 03:32

"Microsoft's latest fixes in its June Patch Tuesday update show that when it comes to vulnerabilities, what's old is new again. The same vulnerabilities we've seen appear in Adobe Flash over the past few years, along with common cross-site-scripting issues, were addressed this month. As witnessed within Microsoft Office SharePoint, there were multiple XSS vulnerabilities identified in the same product - this could be the result of a researcher who found one flaw and decided to continue digging, or Microsoft itself going through similar flows of code to try to fix them all." "This month starts with CVE-2020-1281, a remote code execution vulnerability in Microsoft's Object Linking & Embedding. This vulnerability impacts Windows 7 through 10 and Windows Server 2008 through 2019. The vulnerability exists in the way OLE validates user input. An attacker who sent a specially crafted file or program, or convinced a victim to download one, could execute malicious code on the victim's machine. Microsoft assigned this vulnerability a CVSS score of 7.8; a similar vulnerability, CVE-2017-0199, has been widely exploited including by the Lazarus group and APT 34.".