New Spectre attack enables secrets to be leaked over a network
It’s no longer necessary to run attacker code on the victim system. When the Spectre and Meltdown attacks were disclosed earlier this year, the initial exploits required an attacker to be able to run code of their choosing on a victim system. This made browsers vulnerable, as…
Decade-old Bluetooth flaw lets hackers steal data passing between devices
Serious error in the wireless protocol also lets hackers tamper with data. A large number of device makers is patching a serious vulnerability in the Bluetooth specification that allows attackers to intercept and tamper with data exchanged wirelessly. People who use Bluetooth to connect smartphones,…
Security expert discovered Kernel Level Privilege Escalation vulnerability in the Availability Suite Service component of Oracle Solaris 10 and 11.3
Security researchers from Trustwave have discovered a new high severity vulnerability, tracked as CVE-2018-2892, that affected the Availability Suite Service component in Oracle Solaris 10 and 11.3. The flaw could be exploited by a remote authenticated attacker to execute code with elevated privileges. “A local…
Apache Tomcat Patches Important Security Vulnerabilities
The Apache Software Foundation (ASF) has released security updates to address several vulnerabilities in its Tomcat application server, one of which could allow a remote attacker to obtain sensitive information. Apache Tomcat is an open source web server and servlet system, which uses several Java…
Sony addresses remotely exploitable flaws in Sony IPELA E Network Cameras
Sony fixed 2 remotely exploitable flaws in Sony IPELA E Series Network Camera products that could be exploited to execute commands or arbitrary code. Sony addressed two remotely exploitable flaws in Sony IPELA E Series Network Camera products that could be exploited to execute commands or arbitrary code…
SpectreRSB – new Spectre CPU side-channel attack using the Return Stack Buffer
Researchers from the University of California, Riverside (UCR) have devised a new Spectre CPU side-channel attack called SpectreRSB. SpectreRSB leverage the speculative execution technique that is implemented by most modern CPUs to optimize performance. Differently, from other Spectre attacks, SpectreRSB recovers data from the speculative execution process by targeting…
Attacks on Oracle WebLogic Servers Detected After Publication of PoC Code
Oracle WebLogic servers are under attack from hackers who are trying to take over vulnerable installations that have not received a recent patch for a critical vulnerability. The security bug at the heart of these hacking attempts is CVE-2018-2893, a vulnerability in a component of the…
SpectreRSB – new Spectre CPU side-channel attack using the Return Stack Buffer
Researchers from the University of California, Riverside (UCR) have devised a new Spectre CPU side-channel attack called SpectreRSB. SpectreRSB leverage the speculative execution technique that is implemented by most modern CPUs to optimize performance. Differently, from other Spectre attacks, SpectreRSB recovers data from the speculative execution process by…
Cisco fixes critical and high severity flaws in Policy Suite and SD-WAN products
Cisco has found over a dozen critical and high severity vulnerabilities in its Policy Suite, SD-WAN, WebEx and Nexus products. The tech giant has reported customers four critical vulnerabilities affecting the Policy Suite. The flaws tracked as CVE-2018-0374, CVE-2018-0375, CVE-2018-0376, and CVE-2018-0377 have been discovered during internal testing. Two of these flaws…
Russia’s national vulnerability database is a bit like the Soviet Union – sparse and slow
Russia’s vulnerability database is much thinner than its US or Chinese counterparts – but it does contain a surprisingly high percentage of security bugs exploited by its cyber-spies. Recorded Future’s Priscilla Moriuchi and Dr Bill Ladd found the database is highly focused yet incomplete, slow…
Stay connected