Internet technology is so pervasive today, for example, from online social networking to online banking, it has made people’s lives more comfortable. Due the growth of Internet technology, security threats to systems and networks are relentlessly inventive. One such a serious threat is “phishing”, in which, attackers attempt to steal the user’s credentials using fake …
Google has released a security update stating that multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution within the context of a privileged process. Details are as follows: a) An elevation of privilege vulnerability in Android runtime – (CVE-2017-13274) b) An arbitrary code vulnerability …
Microsoft has released a security update stating that when the Microsoft update for meltdown is installed on a Windows 7 x64 or Windows Server 2008 R2 x64 system, an unprivileged process may be able to read and write the entire memory space available to the Windows kernel. Basically, an attacker with the ability to run …
Apple has released a security update stating that multiple vulnerabilities have been discovered in iCloud for Windows, Safari, macOS High Sierra, Sierra, and El Capitan, iTunes, Xcode, tvOS, watchOS and iOS. Details are as follows: 1) A buffer overflow was addressed with improved size validation – (CVE-2018-4144) 2) A command injection issue existed in the …
Drupal has released a security update stating that a remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially could allow attackers to exploit multiple attack vectors on a Drupal site and result in it being compromised. In addition, depending on the privileges associated with the user, an attacker could …
Citrix has released a security update stating that a number of vulnerabilities have been identified within Citrix XenServer that could, if exploited, allow a malicious administrator of a guest VM to crash the host and for some XenServer versions, allow a remote attacker to compromise the host. Details of the vulnerabilities are as follows: a)CVE-2016-2074: …
Mozilla has released a security update stating that multiple vulnerabilities have been discovered in Mozilla Firefox and Firefox Extended Support Release (ESR) which could allow for remote code execution. Details of the vulnerabilities are as follows: a) A remote code-execution vulnerability exists because it fails to properly process Vorbis audio data. Specifically, this issue occurs …
Following an analysis of the progression of ransomware and ongoing attacks on critical infrastructure, highlighted in the previous chapters, it becomes clear that cyberattacks will continue to expand in scope and volume over the coming year. However, we must not lose sight of the fact that these complex scenarios are just one aspect of cybercrime …
Some of the most critical vulnerabilities in the Internet’s history have been discovered and resolved thanks to the efforts of hackers fueled by curiosity and altruism. Acalvio Technologies Chief Security Architect Chris Roberts puts it this way, “Hackers unfortunately are [often] portrayed as the bad guys, whereas I would argue that for the last 20 …
Researchers at cybersecurity technology and services provider Digital Defense have identified another round of vulnerabilities affecting products from Zoho-owned ManageEngine. ManageEngine provides network, data center, desktop, mobile device, and security solutions to more than 40,000 customers, including three out of every five Fortune 500 company. Earlier this year, Digital Defense reported finding several potentially serious …