Microsoft’s Patch Tuesday updates for October 2017 address a total of 62 vulnerabilities, including a critical Office zero-day flaw that has been exploited in targeted attacks. The actively exploited vulnerability, tracked as CVE-2017-11826 and classified by Microsoft as “important,” is caused by a memory corruption issue. It allows a remote attacker to execute arbitrary code …
Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for code execution. Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; …
Multiple vulnerabilities have been discovered in Netgear products, the most severe of which could allow for arbitrary code execution. Netgear is a manufacturer of networked devices such as Network Attached Storage (NAS), routers, switches, cable and DSL modems, and video cameras. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to …
Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for arbitrary code execution within the context of a privileged process. Details of these vulnerabilities are as follows: a) An elevation of privilege vulnerability in the Framework – (CVE-2017-0806) b) Three arbitrary code execution vulnerabilities in the Media Framework …
Apple has released a supplemental security update to address vulnerabilities in macOS High Sierra 10.13: a) A local attacker may gain access to an encrypted APFS volume – if a hint was set in Disk Utility when creating an APFS encrypted volume, the password was stored as the hint. b) A malicious application can extract …
The need to secure industrial control systems (ICS) from the risk of cyber-attacks cannot be underestimated in a world where human error, online criminal activity and espionage are very real threats to businesses. The potential damage from cybersecurity incidents can be considerable. The consequences of these incidents are often far greater than the associated financial …
Designing and implementing a cybersecurity and privacy program is challenging enough, but the work doesn’t stop there. Once a program is in place, disparate components must be thoroughly integrated, professionally managed and continuously improved. The “Moving Forward With Cybersecurity And Privacy Report 2017” can be downloaded via the TTCSIRT Website at https://ttcsirt.gov.tt/documents/pwc.pdf
There is a discrepancy between the frequency and thoroughness of Apple’s Mac Operating System (OS X) and app security updates, and updates for the underlying firmware (EFI) on Mac computers. Researchers have found that on a sample of 73,324 Macs deployed in production settings, 4.2% are running outdated EFI — leaving them potentially vulnerable to …
Siemens has started releasing patches to address a high severity access control vulnerability that can be exploited to remotely hack some of its industrial communications devices. The flaw, discovered by Siemens itself and tracked as CVE-2017-12736, affects SCALANCE X industrial ethernet switches, and Ruggedcom switches and serial-to-ethernet devices running the Rugged Operating System (ROS). The …
Mozilla has confirmed the following vulnerabilities in Firefox and Firefox Extended Support Release (ESR): a) A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash – (CVE-2017-7793) b) A spoofing vulnerability for Firefox for Android, that can …