22 Critical Flaws Patched in Adobe Photoshop
As part of this month’s Patch Tuesday, Adobe has released fixes for 119 security vulnerabilities in its products, 25 of which are high-severity flaws. Adobe Photoshop CC accounted for 22 critical bugs. Adobe warns that exploitation of these issues “could lead to arbitrary code execution in the context of
Researchers find security flaws in 40 kernel drivers from 20 vendors
Security researchers at Eclypsium have discovered major security vulnerabilities in over 40 kernel drivers from 20 different hardware vendors. The flaws are the result of poor software design choices and allow applications with limited privileges to use driver functions in order to perform malicious actions that can impact highly sensitive parts
Warning As Dangerous Cybersecurity Risks Found In Mainstream Office Printers: Report
A new study by security researchers at NCC Group has found “vulnerabilities and exploitations relating to devices made by six of the largest enterprise printer makers in the world.” More specifically, the researchers discovered that serious flaws present in Xerox, HP, Lexmark, Kyocera, Brother, and Ricoh printers could be exploited
Decade-old remote code execution bug found in phones used by Fortune 500
Researchers with McAfee have discovered a critical security flaw in the firmware of the Avaya 9600 series IP desk phone that is used by enterprises, including Fortune 500 companies. The vulnerability can allow threat actors to remotely execute code on phones with the highest privileges. The remote code execution (RCE)
Android Alert: Users Urged To Patch Critical Flaw In Qualcomm Snapdragon Chips, Millions At Risk
Security researchers at Chinese Internet giant Tencent have discovered a series of critical security flaws affecting recent Qualcomm chips including the Snapdragon 835 and 845 that are used in highly popular Android phones like the Samsung Galaxy S9, the Google Pixel 3 and the OnePlus 6, which means that millions
Series of Zero-Day Vulnerabilities Could Endanger 200 Million Devices
Security researchers with Armis have uncovered 11 critical zero-day flaws in VxWorks, a real-time operating system (RTOS) used in 2 billion Internet-of-things (IoT) devices. The flaws don’t impact all VxWorks versions, but are estimated to affect about 200 million devices. 6 of the vulnerabilities allow for remote code execution (RCE),
Critical RCE Flaw in Palo Alto Gateways Hits Uber
Tenable researchers have uncovered a remote code-execution (RCE) flaw affecting the VPN software offered by Palo Alto Networks. The vulnerability, tracked as CVE-2019-1579, was inadvertently fixed in the latest versions of the software, even though the company was unaware of it at the time. However, older versions of the VPN
800K Systems Still Vulnerable to BlueKeep
A recent Internet scan by BitSight found a total of 805,665 systems were still vulnerable to the highly critical BlueKeep security flaw (CVE-2019-0708) that impacts Remote Desktop Protocol (RDP) implementations on older Windows operating systems. This represents a 17.8% decrease since last month, when a similar scan found close to 973,000 vulnerable
July 2019 Patch Tuesday: Microsoft plugs two actively exploited zero-days
As part of this month’s Patch Tuesday, Microsoft issued fixes for 78 vulnerabilities, including 15 critical flaws of which two are actively being exploited in cyber campaigns. The two zero-days are tracked as CVE-2019-0880 and CVE-2019-1132 and both are privilege escalation flaws. The former flaw affects all modern Windows versions, while the
More Than Half of SMB Devices Run Outdated Operating Systems
New research by Alert Logic highlights common issues putting small to mid-sized businesses (SMBs) at risk of cyberattacks. The survey found that two in three (66%) SMBs still rely on operating systems that are no longer supported or will cease to be supported within the next 6 months (Windows 7