A new report from the Cloud Security Alliance (CSA) on the top threats to cloud computing suggests that service providers are improving their security. Many of today’s threats now stem from organizational management decisions and implementation/configuration weaknesses. The report suggests that “traditional security issues under the responsibility of the CSP seem to be less of […]
A misconfiguration in the popular JIRA project management software exposed a great deal of data on hundreds of companies, security researcher Avinash Jain reveals. JIRA is used by over 135,000 companies and organization globally, including hundreds of Fortune 500 companies. Some of the organizations impacted include NASA, Google, Yahoo, Go-Jek, HipChat, Zendesk, Sapient, Dubsmash, Western […]
Several major industrial and automation solutions providers have issued advisories in response to the recently disclosed Wind River VxWorks vulnerabilities dubbed Urgent/11. In late July, IoT security firm Armis disclosed eleven vulnerabilities found by its researchers in the VxWorks real time operating system (RTOS). The flaws, six of which have been described as critical, can […]
Microsoft’s July 2019 Patch Tuesday updates fix nearly 80 vulnerabilities, including two Windows zero-day flaws and six issues whose details were previously made public. One of the zero-day vulnerabilities is CVE-2019-0880, which Microsoft describes as a local privilege escalation issue related to how the splwow64.exe component in Windows handles certain calls. Splwow64.exe is designed to […]
A vulnerability in the Zoom Client for Mac allows a remote attacker to force a user into joining a video call with the video camera active, a security researcher has discovered. Zoom offers “enterprise video conferencing with real-time messaging and content sharing,” allowing users to join meetings from both desktop and mobile devices, for improved […]
Adobe’s Patch Tuesday updates for July 2019 address vulnerabilities in the company’s Bridge CC, Experience Manager and Dreamweaver products, but none of the security holes appear serious. The latest update for Bridge CC on Windows and macOS resolves an out-of-bounds memory read issue that can result in information disclosure in the context of the targeted […]
A newly discovered piece of malware uses a peer-to-peer (p2p) network on top of InterPlanetary File System’s (IPFS) p2p network, Anomali’s security researchers report. Discovered in May 2019 and dubbed IPStorm, the malware is written in the Go (Golang) programming language and targets Windows machines. Once it has infected a system, the malicious program allows […]
A researcher revealed on Wednesday that he discovered a blind cross-site scripting (XSS) vulnerability that could have been exploited to attack Google employees and possibly gain access to invoices and other sensitive information. Thomas Orlita, a 16-year-old bug bounty hunter from the Czech Republic, analyzed the Google Invoice Submission Portal hosted on gist-uploadmyinvoice.appspot.com, where vendors […]
Microsoft on Tuesday released security patches for nearly 90 vulnerabilities, including two Critical bugs impacting the proprietary authentication protocol NTLM. Tracked as CVE-2019-1040 and CVE-2019-1019, the two security issues consist of three logical flaws in NTLM that allow the bypass of all major NTLM protection mechanisms, Preempt’s security researchers reveal. The flaws impact all Windows […]
Millions of computers powered by Intel processors are affected by vulnerabilities that can be exploited by malicious actors to obtain potentially sensitive information. Intel and other tech giants have already released patches and mitigations. The side-channel attack methods, named ZombieLoad, RIDL (Rogue In-Flight Data Load), and Fallout, are similar to the notorious Meltdown and Spectre, […]
