
Showing results for tags 'vulnerabilities'.

  1. Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an advisory warning of multiple vulnerabilities in the OpENer EtherNet/IP stack that could expose industrial systems to denial-of-service (DoS) attacks, data leaks, and remote code execution. All OpENer commits and versions prior to February 10, 2021, are affected, although there are no known public exploits that specifically target these vulnerabilities. The four security flaws were discovered and
  2. NSA: Top 5 vulnerabilities actively abused by Russian govt hackers A joint advisory from the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) warns that the Russian Foreign Intelligence Service (SVR) is exploiting five vulnerabilities in attacks against U.S. organizations and interests. In an advisory issued today, the NSA said that it is aware of the Russian SVR using these vulnerabilities against public-facing services to obtain authentication credentials to furt
  3. Majority of Mobile App Vulnerabilities From Open Source Code COVID-19 has impacted everything over the past year, and mobile app security is no exception. The Synopsys Cybersecurity Research Center (CyRC) took an in-depth look at application security, and discovered just how vulnerable apps that use open source code really are. According to the report, 98% of apps use open source code, and 63% of those apps have at least one known vulnerability. Open source code is no more or less vulnerable than any other code, Jonathan Knudsen, senior security strategist
  4. Adobe fixes critical vulnerabilities in Photoshop and Digital Editions Adobe has released security updates that address security vulnerabilities in Adobe Photoshop, Adobe Digital Editions, Adobe Bridge, and RoboHelp. In total, the company addressed ten security vulnerabilities affecting four products, with seven of them rated as critical as they allow arbitrary code execution or arbitrary file writes. Of all the products receiving security updates today, Adobe Bridge has the most, fixing four 'Critical' code execution bugs and two vulnerabilitie
  5. Cring Ransomware Used in Attacks on European Industrial Firms Attackers exploited a vulnerability in Fortigate VPN servers to gain access to target networks, researchers report. Researchers with Kaspersky say several companies in Europe's industrial sector were recent victims of attacks using Cring ransomware. Attackers exploited CVE-2018-13379, a vulnerability in Fortigate SSL VPN servers, to gain access to the victim's networks, researchers report. The unpatched servers were exposed to the Internet. This vulnerability was publicized in 2019 bu
  6. Samsung April 2021 security update is rolling out now to these Galaxy devices Samsung was once among the worst in the Android world when it came to updates big and small, but in 2021 they’re arguably better than Pixel. Now, Samsung is rolling out the April 2021 security update to its huge lineup of smartphones including Galaxy S21, S20, A52, and more. The April security patch, technically, hasn’t been fully released when Samsung started its rollout. Google follows a pattern of rolling out the update to its Pixel smartphones on the first Monday of every mont
  7. Airlift Express Fixes Vulnerabilities in Its E-commerce Store PrivacySavvy experts discovered an OTP vulnerability in Airlift Express, which could lead to account hacks and exploits by cybercriminals. A team of security researchers from PrivacySavvy recently discovered an OTP vulnerability in Airlift Express, which could lead to account hacks and exploits by cybercriminals. Fortunately, the company has successfully fixed the security loopholes, but the incident shows the inadequacy of one-time passwords in protecting app users. PrivacySavvy L
  8. Facebook Paid Out $50K for Vulnerabilities Allowing Access to Internal Systems A researcher says he has earned more than $50,000 from Facebook after discovering vulnerabilities that could have been exploited to gain access to some of the social media giant’s internal systems. Cybersecurity engineer and bug bounty hunter Alaa Abdulridha revealed in December 2020 that he had earned $7,500 from Facebook for discovering a vulnerability in a service apparently used by the company’s legal department. The researcher said the security hole could have been exploited to reset the
  9. Can a Programming Language Reduce Vulnerabilities? Rust offers a safer programming language, but adoption is still a problem despite recent signs of increasing popularity. When Microsoft wanted to rewrite a security-critical network processing agent to eliminate memory-safety vulnerabilities causing recurring headaches for the Microsoft Security Response Center (MSRC), the company tasked an intern and told him to rewrite the code in Rust. Rust, a programming language that has claimed the title of "most loved" among developers for five years in a row, could
  10. Samsung fixes critical Android bugs in March 2021 updates This week Samsung has started rolling out Android's March security updates to mobile devices to patch critical security vulnerabilities in the runtime, operating system, and related components. This comes after Android had published their March 2021 security updates bulletin, which includes patches for critical vulnerabilities impacting the latest devices. As observed by BleepingComputer, Samsung Galaxy devices are automatically pulling updates released on March 5, 2021, this week.
  11. Now-fixed Linux kernel vulnerabilities enabled local privilege escalation (CVE-2021-26708) Security researcher Alexander Popov has discovered and fixed five similar issues in the virtual socket implementation of the Linux kernel. The vulnerabilities could be exploited for local privilege escalation, as confirmed in experiments on Fedora 33 Server. The vulnerabilities, known together as CVE-2021-26708, have received a CVSS v3 base score of 7.0 (high severity). These vulnerabilities result from race conditions that were implicitly added with virtual sock
  12. Three New Vulnerabilities Patched in OpenSSL The OpenSSL Project on Tuesday announced the availability of patches for three vulnerabilities, including two that can be exploited for denial-of-service (DoS) attacks and one related to incorrect SSLv2 rollback protection. The most serious of the vulnerabilities, with a severity rating of moderate, is CVE-2021-23841, a NULL pointer dereference issue that can result in a crash and a DoS condition. The security hole is related to a function (X509_issuer_and_serial_hash) that is never called directly by OpenSSL its
  13. SQLite patches use-after-free bug that left apps open to code execution, denial-of-service exploits More than one trillion SQLite databases potentially active in myriad operating systems, browsers, and applications SQLite has issued a security patch after the discovery of a use-after-free bug that, if triggered, could lead to arbitrary code execution or denial of service (DoS). The highest threat to systems running affected versions of SQLite, a C-language library that implements an SQL database engine, is to system availability, according to a
  14. Palo Alto firewall software vulnerability quartet revealed Researchers unveil details of security flaws in enterprise firewall technology Security researchers have unveiled details of a series of flaws in Palo Alto Networks’ firewall software addressed by the networking vendor last September. The swarm of four vulnerabilities covers various flaws in Palo Alto’s PAN-OS operating system that were discovered by security researchers at Positive Technologies (PT). PAN-OS is the technology behind Palo Alto Networks’ next-generation firewa
  15. Fifty shades of vulnerable: How to play it safe with your smart sex toy While you’re living out your fantasies, your internet-enabled sex toy may be setting you up for a privacy nightmare We did it. Somehow, we got through 2020 and now Valentine’s Day is just around the corner. And yet 2020’s imprint may still be observed everywhere, and – believe it or not – the COVID-19 pandemic may have increased your chances of receiving a new, internet-enabled adult toy for your love nest as this year’s Valentine’s gift. The pandemic has caused many people to hunker down
  16. Vulnerabilities hit record high in 2020, topping 18,000 Analysis of the NIST National Vulnerability Database shows that security teams were under siege defending against an unprecedented number of flaws. Security teams were under siege last year, according to research analyzing 2020 NIST data on common vulnerabilities and exposures (CVEs) that found more security flaws – 18,103 – were disclosed in 2020 than in any other year to date. To unde
  17. Vulnerabilities in TCP/IP Stacks Allow for TCP Connection Hijacking, Spoofing Improperly generated ISNs (Initial Sequence Numbers) in nine TCP/IP stacks could be abused to hijack connections to vulnerable devices, according to new research from Forescout. TCP/IP stacks are critical components that provide basic network connectivity for a broad range of devices, IoT and OT included, and which process all incoming frames and packets. Numerous high-impact vulnerabilities affecting the TCP/IP stacks have already been publicly disclosed, including the Ripple20 a
  18. Intel fixes vulnerabilities in Windows, Linux graphics drivers Intel addressed 57 security vulnerabilities during this month's Patch Tuesday, including high severity ones impacting Intel Graphics Drivers. 40 of them were found internally by Intel, while the other 17 were externally reported, almost all through Intel's Bug Bounty program. The security bugs are detailed in the 19 security advisories published by Intel on its Product Security Center, with security and functional updates being delivered to users through the Intel Platform Update (IP
  19. Google Launches Database for Open Source Vulnerabilities Google last week announced the launch of OSV (Open Source Vulnerabilities), which the internet giant has described as a vulnerability database and triage infrastructure for open source projects. OSV should make it easier for the users of open source software to find out which vulnerabilities impact them. It can also help maintainers of open source software accurately identify all versions and commits impacted by a flaw across all their branches. For consumers, Google says OSV provides a database
  20. Geeni smart doorbells, cameras riddled with flaws, research finds Walmart and Amazon are continuing to sell faulty smart doorbells and cameras filled with vulnerabilities that could expose customers’ sensitive information, according to research published Thursday. The vulnerabilities, found in Geeni- and Merkury-branded security cameras and smart doorbells, would allow attackers to take full control of devices and remotely disable cameras through a denial of service attack in some cases, according to the research. In others, the flaws could
  21. Skype ‘spoofing vulnerabilities’ are a haven for social engineering attacks, security researcher claims Microsoft doesn’t feel the bugs are important enough to fix immediately, although one researcher disagrees Several purported security flaws in Skype have been disclosed publicly, but Microsoft claims they do not need “immediate security servicing”. On February 2, researcher “mr.d0x,” also known as “TheCyberSecurityTutor”, publicly disclosed a “plague” of spoofing vulnerabilities in the Microsoft-owned remote chat and video app. The resear
  22. Pwnable Document Format: Windows PDF viewers outperformed by browser, macOS, Linux counterparts Security researchers document their exploits in picking apart dozens of PDF software brands The vast majority of the most popular Windows-native PDF viewers were vulnerable to multiple attack techniques exploiting standard PDF features, a team of security researchers has discovered. Several PDF software brands were vulnerable to the most serious attacks, which resulted in local file leakage, file write access, and remote code execution (RCE), academics from
  23. Several vulnerabilities have been found and patched in the Kace K1000 systems management appliance from Quest. The impacted appliance allows enterprises to manage their network-connected devices, including to inventory hardware and software, patch applications and operating systems, and ensure software license compliance. The product was at one point offered by Dell, which acquired Quest in 2012 and sold it to Francisco Partners and Elliott Management Corporation in 2016. According to an advisory published by the CERT Coordination Center (CERT/CC) at Carneg
  24. Four of the flaws are publicly known but none have been listed as under active attack. Microsoft today patched 88 software vulnerabilities and issued four advisories as part of its monthly Patch Tuesday update. Four are publicly known; none have been seen exploited in the wild. The June fixes released today cover a broad range of products and services including Microsoft Windows, Internet Explorer, Edge, Office, Office Services and Web Apps, ChakraCore, Skype for Business, Microsoft Lync, Exchange Server, Azure, and SQL Server. Twenty-one patches were deeme
  25. The Chinese technology giant's enormous product and service footprint gives it access to more data than almost any other single organization, Recorded Future says. A new report from threat intelligence firm Recorded Future portrays Chinese technology giant Huawei as presenting a substantially bigger threat to US interests and organizations than currently perceived. According to the firm, Huawei's enormous range of technologies and products and its global customer base has put the company in a position to access an unprecedented amount of information on organizatio