Top

Category: Vulnerabilities


Network security, Vulnerabilities

Lenovo Patches Networking OS Vulnerability Dating Back to 2004

January 17, 2018

Via: Threat Post

Lenovo patched a flaw in its networking operating system dating back to 2004 that allowed attackers to perform an authentication bypass attack via a mechanism called “HP Backdoor.” If exploited, an attacker could gain admin-level access on affected switches, Lenovo […]


Vulnerabilities

Oracle Fixes Spectre, Meltdown Flaws With Critical Patch Update

January 17, 2018

Via: Security Week

Oracle on Tuesday released its first Critical Patch Update for 2018 to deliver 237 new security fixes across its product portfolio. Over half of the addressed vulnerabilities could be remotely exploited without authentication. As part of the January 2018 Critical […]


Vulnerabilities

DNS Servers Crash Due to BIND Security Flaw

January 17, 2018

Via: Security Week

Updates released by the Internet Systems Consortium (ISC) for BIND patch a remotely exploitable security flaw that has caused some DNS servers to crash. The high severity vulnerability, tracked as CVE-2017-3145, is caused by a use-after-free bug that can lead […]


Application security, Vulnerabilities

BlackBerry Launches Security Product for Automotive, Other Industries

January 16, 2018

Via: Security Week

BlackBerry announced on Monday the launch of Jarvis, a new cybersecurity service designed to help companies in the automotive and other sectors find vulnerabilities in their software. Jarvis has been described by BlackBerry as a cloud-based static binary code analysis […]


Threats & Malware, Vulnerabilities

Spectre and Meltdown explained: What they are, how they work, what’s at risk

January 15, 2018

Via: CSO Online

In the first days of 2018, published research revealed that nearly every computer chip manufactured in the last 20 years contains fundamental security flaws, with specific variations on those flaws being dubbed Spectre and Meltdown. The flaws arise from features […]


Vulnerabilities

Survey Suggests Many Are Still Waiting for Spectre, Meltdown Windows Updates

January 12, 2018

Via: Dark Reading

Microsoft’s insistence on a specific registry key setting for offering the updates on systems appears to be the issue, security vendor Barkly says. The results of a small survey suggest that many organizations could still be waiting to receive updates […]


Vulnerabilities

Bogus Passwords Can Unlock AppStore Preferences in macOS

January 12, 2018

Via: Security Week

A security vulnerability impacting macOS High Sierra allows admins to unlock the AppStore Preferences in System Preferences by providing any password. The issue was found to affect macOS 10.13.2, the latest iteration of the platform, and can be reproduced only […]


Vulnerabilities

Meltdown Patch Broke Some Ubuntu Systems

January 11, 2018

Via: Security Week

Canonical was forced to release a second round of Ubuntu updates that address the recently disclosed CPU vulnerabilities after some users complained that their systems no longer booted after installing the initial patches. On January 9, Canonical released Ubuntu updates […]


Vulnerabilities

Apple Adds Spectre Protections to Safari, WebKit

January 9, 2018

Via: Security Week

Updates released by Apple on Monday for iOS, macOS and Safari should mitigate the effects of the vulnerabilities exploited by the recently disclosed attack method named Spectre. Apple informed customers that iOS 11.2.2 and macOS High Sierra 10.13.2 Supplemental Update […]


Data loss, Vulnerabilities

Serious Flaws Affect Dell EMC, VMware Data Protection Products

January 8, 2018

Via: Security Week

Data protection products from both Dell EMC and VMware are impacted by three potentially serious vulnerabilities discovered by researchers at Digital Defense. EMC told customers that its Avamar Server, NetWorker Virtual Edition and Integrated Data Protection Appliance products have a […]