Government of the Republic of Trinidad and Tobago
gov.tt

Securing the Nation's Digital Infrastructure

Adobe Patches Flash Zero-Day Exploited by North Korean Hackers

Adobe updated Flash Player on Tuesday to address a zero-day vulnerability exploited by what experts believe to be a North Korean hacker group in attacks aimed at individuals in South Korea. The existence of the vulnerability, tracked as CVE-2018-4878, came to light on January 31 when South Korea’s Internet & Security Agency (KISA) issued an …

Hackers From Florida And Canada Behind 2016 Uber Breach

Two individuals living in Canada and Florida were responsible for the massive data breach suffered by Uber in 2016, the ride-sharing company’s chief information security officer said on Tuesday. In a hearing before the Senate Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security, Uber CISO John Flynn shared additional details on the data …

Windows 10 Ransomware Protection Easily Bypassed

It’s rather trivial to bypass the anti-ransomware feature that Microsoft introduced in its Windows 10 Fall Creators Update, a security researcher claims. Dubbed Controlled folder access, the anti-ransomware feature was announced as part of Windows Defender Exploit Guard, a new set of host intrusion prevention capabilities in Microsoft’s latest platform iteration. When announcing the feature, …

TTCSIRT-086.020518: TT-CSIRT Advisory – Adobe Security Updates

Adobe reports that a vulnerability has been discovered in Adobe Flash Player that could allow for remote code execution. This vulnerability occurs due to a use-after-free error (CVE-2018-4878). Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. …

TTCSIRT-085.020518: TT-CSIRT Advisory – HP Security Updates

HP has reported that a vulnerability has been discovered in HP printers which could allow for arbitrary code execution. Depending on the printer’s placement on the network, an attacker could potentially install programs; view, change, or delete data; or create new accounts with full user rights. HP states that a directory traversal attack could allow …

TTCSIRT-084.013018: TT-CSIRT Advisory – CISCO Security Updates

Cisco has released a security update stating that a vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to an attempt to double free …

TTCSIRT-083.013018: TT-CSIRT Advisory – JavaScript Security Updates

A security update has been released for the popular Electron JavaScript library, which is used to develop desktop applications that utilize web components, such as Skype and Slack. A vulnerability has been identified in the library where if the victim navigates to a specially crafted link that calls the app.setAsDefaultProtocolClient method in the …

TTCSIRT-082.012418: TT-CSIRT Advisory – KRACK Security Update

WPA2 Key Reinstallation Attacks (KRACKs). Date first published: 23/1/2018. 1.0 Introduction: TT-CSIRT wishes to advise that weaknesses have been discovered in the Wi-Fi Protected Access 2 (WPA2) protocol used to secure wireless networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Attackers can use these exploits …

TTCSIRT-081.012418: TT-CSIRT Advisory – Apple Security Updates

Apple has released security updates stating that the following vulnerabilities have been discovered in Safari, watchOS, iOS, High Sierra, Sierra, El Capitan, and tvOS: a) A certificate evaluation issue existed in the handling of name constraints – (CVE-2018-4086) b) An application may be able to execute arbitrary code with kernel privileges – (CVE-2018-4097) c) A …

TTCSIRT-080.012218: TT-CSIRT Advisory – Lenovo Security Updates

Lenovo has released a security update for its Enterprise Network Operating System (ENOS) stating that an authentication bypass mechanism known as “HP Backdoor” was discovered during a Lenovo security audit. The bypass was found in the Telnet and Serial Console management interfaces, as well as in the SSH and Web management interfaces under certain limited and unlikely conditions. This bypass …