Google has released a security update stating that the following vulnerabilities have been discovered in Google Chrome: a) Heap buffer overflow in PDFium – (CVE-2018-6120) b) Privilege escalation in extensions – (CVE-2018-6121) c) Type confusion in V8 – (CVE-2018-6122) d) Chain leading to sandbox escape Successful exploitation of the most severe of these vulnerabilities could …
Microsoft has released a security update stating that vulnerabilities have been found in several of its products which could allow for remote code execution. Products affected include: 1) Microsoft Windows 7, 8, RT 8.1, and 10 2) Microsoft Windows Server 2008, 2008 R2, 2012, 2012 R2, 2016 3) Microsoft Windows Server Core Installation 2008, 2008 …
Adobe has released a security update stating that a vulnerability has been discovered in Adobe Flash Player which could allow for arbitrary code execution due to type confusion error. Depending on the privileges associated with the user, an attacker could then install programs, view, change, delete data or create new accounts with full user rights. …
Just a few days after they were disclosed, malicious actors started targeting a couple of flaws affecting routers made by South Korea-based Dasan Networks. There are roughly one million potentially vulnerable devices accessible directly from the Internet. vpnMentor on Monday disclosed the details of two vulnerabilities in Gigabit-capable Passive Optical Network (GPON) routers made by …
A researcher has discovered that a mitigation implemented by Microsoft in Windows 10 for the Meltdown vulnerability can be bypassed. The tech giant says it’s working on an update. According to Windows internals expert Alex Ionescu, a Meltdown mitigation in Windows 10 has what he describes as “a fatal flaw.” “Calling NtCallEnclave returned back to …
Researchers have discovered a total of eight new Spectre-like vulnerabilities, including flaws that may be more serious and easier to exploit, according to German magazine c’t. The flaws were reportedly identified by several research teams, including Google Project Zero, whose employees were among those who initially discovered the Meltdown and Spectre attack methods. C’t, which …
Cisco has released a security update stating that a vulnerability has been discovered in Cisco Adaptive Security Appliance (ASA) which could allow for an unauthenticated, remote attacker to establish a Secure Sockets Layer (SSL) Virtual Private Network (VPN) connection to the device and bypass certain SSL certificate verification steps. The vulnerability is due to incorrect …
Microsoft has released a security update stating that a remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image. Exploitation occurs when an attacker places malicious code in a specially crafted container image which, if an authenticated administrator imported (pulled), could …
Insecure software is undermining critical infrastructure woldwide. As our infrastructure becomes increasingly complex and connected, the difficulty of achieving application security increases exponentially. Further information on this topic can be found in the article entitled “OWASP: Top Ten Most Critical Web Application Vulnerabilities For 2017” which can be downloaded via the TTCSIRT Website at https://ttcsirt.gov.tt/documents/owasp2017.pdf
Serious issues often originate inside the network: everything from worms, viruses, and Trojan horses to unsecured wireless networks, peer-to-peer mobile communications and guest users can compromise the security of corporate networks. Thus, to address these threats, the corporate network should no longer be a single homogeneous zone in which users connect from anywhere in the …