Apple has a released a security update stating that the following vulnerabilities have been discovered in the macOS 10.13.4: a) A memory corruption issue was addressed with improved error handling which could lead to an application may be able to gain elevated privileges – CVE-2018-4206 b) A spoofing issue existed in the handling of URLs …
Drupal has released a security update stating that CKEditor, a third-party JavaScript library included in Drupal core, has fixed a cross-site scripting (XSS) vulnerability. The vulnerability stemmed from the fact that it was possible to execute XSS inside CKEditor when using the image2 plugin (which Drupal 8 core also uses). Further information on this vulnerability …
A Windows 10 vulnerability that could bypass Windows Lockdown Policy and result in arbitrary code execution remains unpatched 90 days after Microsoft has been informed on the bug’s existence. On systems with User Mode Code Integrity (UMCI) enabled, a .NET bug can be exploited to bypass the Windows Lockdown Policy check for COM Class instantiation, …
Microsoft on Thursday announced Windows Defender System Guard runtime attestation, a new Windows platform security technology set to roll out to all editions of Windows. Meant to mitigate attacks in software, the runtime attestation takes advantage of the same hardware-rooted security technologies in virtualization-based security (VBS) as Credential Guard, Microsoft says. The new security technology …
Researchers claim hackers can remotely exploit an unpatched command injection vulnerability to take control of network-attached storage (NAS) devices from LG. VPN specialists at vpnMentor discovered that many LG NAS models are impacted by a flaw that can be exploited without authentication. According to researchers, the password parameter in the login page is vulnerable to …
Google has released a security update stating that multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could result in arbitrary code execution. Details are as follows: 1) Use after free in Disk Cache – (CVE-2018-6085, CVE-2018-6086) 2) Use after free in WebAssembly – (CVE-2018-6087) 3) Use after free in PDFium …
Oracle has released its Critical Patch Update for April 2018 to address 254 vulnerabilities across multiple products including 1) Enterprise Manager Base Platform, versions 12.1.0.5, 13.2.0.0 2) Enterprise Manager for MySQL Database, version 12.1.0.4 3) Enterprise Manager for Virtualization, version 13.2 4) Enterprise Manager Ops Center, versions 12.2.2, 12.3.3 5) Hardware Management Pack, versions prior …
Adobe has released a security update stating that multiple vulnerabilities have been discovered in Adobe Flash Player the most severe of which could allow for remote code execution. Details are as follows: a) A remote code-execution vulnerability that occurs due to a use-after-free condition – (CVE-2018-4932) b) Multiple remote code-execution vulnerabilities that occur due to …
Juniper Networks has released a series of security updates to address several vulnerabilities in its products. Details are as follows: a) Junos OS – kernel crash upon receipt of crafted CLNP packets (CVE-2018-0016) b) SRX Series – denial-of-service vulnerability in flowd daemon on devices configured with NAT-PT (CVE-2018-0017) c) SRX Series – crafted packet may …
Phishing is a criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. Social engineering schemes use spoofed e-mails purporting to be from legitimate businesses and agencies, designed to lead consumers to counterfeit websites that trick recipients into divulging financial data such as usernames and passwords. …