Apple has released a supplemental security update to address vulnerabilities in macOS High Sierra 10.13: a) A local attacker may gain access to an encrypted APFS volume – if a hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint. b) A malicious application can extract …
The need to secure industrial control systems (ICS) from the risk of cyber-attacks cannot be underestimated in a world where human error, online criminal activity and espionage are very real threats to businesses. The potential damage from cybersecurity incidents can be considerable. The consequences of these incidents are often far greater than the associated financial …
Designing and implementing a cybersecurity and privacy program is challenging enough, but the work doesn’t stop there. Once a program is in place, disparate components must be thoroughly integrated, professionally managed and continuously improved. The “Moving Forward With Cybersecurity And Privacy Report 2017” can be downloaded via the TTCSIRT Website at https://ttcsirt.gov.tt/documents/pwc.pdf
There is a discrepancy between the frequency and thoroughness of Apple’s Mac Operating System (OS X) and app security updates, and updates for the underlying firmware (EFI) on Mac computers. Researchers have found that on a sample of 73,324 Macs deployed in production settings, 4.2% are running outdated EFI — leaving them potentially vulnerable to …
Siemens has started releasing patches to address a high severity access control vulnerability that can be exploited to remotely hack some of its industrial communications devices. The flaw, discovered by Siemens itself and tracked as CVE-2017-12736, affects SCALANCE X industrial ethernet switches, and Ruggedcom switches and serial-to-ethernet devices running the Rugged Operating System (ROS). The …
Mozilla has confirmed the following vulnerabilities in Firefox and Firefox Extended Support Release (ESR): a) A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash – (CVE-2017-7793) b) A spoofing vulnerability for Firefox for Android, that can …
Multiple vulnerabilities have been discovered in Cisco IOS and IOS XE Software, the most severe of which could result in remote code execution. Details of these vulnerabilities are as follows: a) A remote code execution vulnerability exists in the DHCP relay subsystem due to a buffer overflow condition – (CVE-2017-12240) b) A denial of service …
Multiple vulnerabilities have been discovered in watchOS, iOS, tvOS, Xcode, and Safari. The most severe of these vulnerabilities could allow for arbitrary code execution. Details of these vulnerabilities are as follows: a) An ssh:// URL scheme handling issue was addressed through improved input validation (CVE-2017-1000117) b) Multiple memory corruption issues were addressed with improved memory …
Multiple vulnerabilities have been discovered in Google Chrome, which could result in arbitrary code execution. These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page. Details of the vulnerabilities are as follows: Out-of-bounds access in V8. (CVE-2017-5121, CVE-2017-5122) Successful exploitation of these vulnerabilities could allow an attacker …
The Samba Team has released security updates to address several vulnerabilities in Samba – a) A man in the middle attack may hijack client connections. b) A man in the middle attack can read and may alter confidential documents transferred via a client connection, which are reached via DFS redirect when the original connection used …