Sony addresses remotely exploitable flaws in Sony IPELA E Network Cameras
Sony fixed 2 remotely exploitable flaws in Sony IPELA E Series Network Camera products that could be exploited to execute commands or arbitrary code. Sony addressed two remotely exploitable flaws in Sony IPELA E Series Network Camera products that could be exploited to execute commands or arbitrary code…
SpectreRSB – new Spectre CPU side-channel attack using the Return Stack Buffer
Researchers from the University of California, Riverside (UCR) have devised a new Spectre CPU side-channel attack called SpectreRSB. SpectreRSB leverage the speculative execution technique that is implemented by most modern CPUs to optimize performance. Differently, from other Spectre attacks, SpectreRSB recovers data from the speculative execution process by targeting…
Attacks on Oracle WebLogic Servers Detected After Publication of PoC Code
Oracle WebLogic servers are under attack from hackers who are trying to take over vulnerable installations that have not received a recent patch for a critical vulnerability. The security bug at the heart of these hacking attempts is CVE-2018-2893, a vulnerability in a component of the…
SpectreRSB – new Spectre CPU side-channel attack using the Return Stack Buffer
Researchers from the University of California, Riverside (UCR) have devised a new Spectre CPU side-channel attack called SpectreRSB. SpectreRSB leverage the speculative execution technique that is implemented by most modern CPUs to optimize performance. Differently, from other Spectre attacks, SpectreRSB recovers data from the speculative execution process by…
Cisco fixes critical and high severity flaws in Policy Suite and SD-WAN products
Cisco has found over a dozen critical and high severity vulnerabilities in its Policy Suite, SD-WAN, WebEx and Nexus products. The tech giant has reported customers four critical vulnerabilities affecting the Policy Suite. The flaws tracked as CVE-2018-0374, CVE-2018-0375, CVE-2018-0376, and CVE-2018-0377 have been discovered during internal testing. Two of these flaws…
Russia’s national vulnerability database is a bit like the Soviet Union – sparse and slow
Russia’s vulnerability database is much thinner than its US or Chinese counterparts – but it does contain a surprisingly high percentage of security bugs exploited by its cyber-spies. Recorded Future’s Priscilla Moriuchi and Dr Bill Ladd found the database is highly focused yet incomplete, slow…
Passwords for Tens of Thousands of Dahua Devices Cached in IoT Search Engine
Login passwords for tens of thousands of Dahua devices have been cached inside search results returned by ZoomEye, a search engine for discovering Internet-connected devices (also called an IoT search engine). Discovered by Ankit Anubhav, Principal Researcher at NewSky Security, a cyber-security company specialized in…
Two New Spectre-Class CPU Flaws Discovered—Intel Pays $100K Bounty
Intel has paid out a $100,000 bug bounty for new processor vulnerabilities that are related to Spectre variant one (CVE-2017-5753). The new Spectre-class variants are tracked as Spectre 1.1 (CVE-2018-3693) and Spectre 1.2, of which Spectre 1.1 described as a bounds-check bypass store attack has…
Microsoft Releases Patch Updates for 53 Vulnerabilities In Its Software
It’s time to gear up your systems and software for the latest July 2018 Microsoft security patch updates. Microsoft today released security patch updates for 53 vulnerabilities, affecting Windows, Internet Explorer (IE), Edge, ChakraCore, .NET Framework, ASP.NET, PowerShell, Visual Studio, and Microsoft Office and…
Stolen D-Link Certificate Used to Digitally Sign Spying Malware
Digitally signed malware has become much more common in recent years to mask malicious intentions. Security researchers have discovered a new malware campaign misusing stolen valid digital certificates from Taiwanese tech-companies, including D-Link, to sign their malware and making them look like legitimate applications. As…
Stay connected