
Category: Vulnerabilities


Application security, Vulnerabilities

Drupal to Patch Highly Critical Vulnerability This Week

March 26, 2018

Via: Security Week

Drupal announced plans to release a security update for Drupal 7.x, 8.3.x, 8.4.x, and 8.5.x on March 28, 2018, aimed at addressing a highly critical vulnerability. The Drupal security team hasn’t provided information on the vulnerability and says it won’t […]


Application security, Vulnerabilities

An Introduction to HTTP Response Headers for Security

March 23, 2018

Via: Security Intelligence

The world is becoming more interconnected every day, and online services like social media and e-commerce are contributing to massive troves of sensitive business and personal data. These developments introduce new risks and vulnerabilities for cybercriminals to exploit via cross-site […]


Vulnerabilities

More Chrome OS Devices Receive Meltdown, Spectre Patches

March 22, 2018

Via: Security Week

The latest stable channel update for Google’s Chrome OS operating system includes mitigations for devices with Intel processors affected by the Spectre and Meltdown vulnerabilities. Meltdown and Spectre attacks exploit design flaws in Intel, AMD, ARM and other processors. They […]


Cloud security, Vulnerabilities

AMD Acknowledges Vulnerabilities, Will Roll Out Patches In Coming Weeks

March 21, 2018

Via: Threat Post

AMD on Tuesday acknowledged several vulnerabilities that had been previously reported in its Ryzen and EPYC chips, and said that it would roll out firmware patches for those flaws in the coming weeks. The response comes a week after Israel-based […]


Vulnerabilities

Programs Controlling ICS Robotics Are ‘Wide Open’ to Vulnerabilities

March 20, 2018

Via: Threat Post

Most manufacturers have connected their operational technology – including industrial control systems and robotic equipment – to the internet, yet the lack of basic security protocols leaves these companies open to cyberattacks. Industrial security company Malcrawler pinpointed these dangers at Kaspersky […]


Cloud security, Vulnerabilities

New Microsoft Bug Bounty Program Looks To Squash The Next Spectre, Meltdown

March 19, 2018

Via: Threat Post

In the wake of the Meltdown and Spectre flaws, Microsoft has rolled out a new bug bounty program targeting speculative execution side channel vulnerabilities. The limited time program is open until December 31, and offers up to $250,000 for identifying […]


Hacker, Vulnerabilities

Hackers Can Abuse Text Editors for Privilege Escalation

March 15, 2018

Via: Security Week

Several popular text editors can be leveraged for privilege escalation and their developers do not plan on taking any action to prevent abuse, according to SafeBreach, a company that specializes in simulating attacks and breaches. Some text editors allow users […]


Vulnerabilities

Samba fixed two critical vulnerabilities, update your version as soon as possible

March 14, 2018

Via: Security Affairs

Maintainers at the Samba project have released new versions of the popular open-source networking software to address two critical vulnerabilities that could be exploited by unprivileged remote attackers to launch DoS attacks against servers and change any users’ passwords, including […]


Vulnerabilities

13 Critical flaws and exploitable backdoors found in various AMD chips

March 14, 2018

Via: Security Affairs

Security researchers at Israel-based CTS-Labs have discovered 13 critical vulnerabilities and exploitable backdoors in various AMD chips. The flaws could be potentially exploited to steal sensitive data, install malicious code on AMD-based systems, and gain full access to the compromised […]


Email security, Vulnerabilities

Critical Vulnerabilities Addressed in SecurEnvoy SecurMail

March 13, 2018

Via: Security Week

Multiple critical vulnerabilities impacting SecurEnvoy SecurMail could result in an attacker being able to read encrypted emails and even delete or overwrite messages in an inbox. SecurEnvoy SecurMail was meant to provide businesses with secure email communications and claims to […]