Microsoft releases patch for zero-day in Windows
Yesterday it was Patch Tuesday for Microsoft. The company has solved 62 vulnerabilities in its software this month. Among the fixes there is also a solution for a zero-day vulnerability that was actively exploited. As of today, this is no longer possible with people who update their device.
Microsof... Read more
Vulnerability DJI drones made live images available and take over drones possible
Check Point security researchers discovered a vulnerability in dronemaker DJI's software last March. Malicious parties would have access to the drone maker's accounts, without the need for a password. The hole was closed last September.
The researchers at Check Point report this in an extensive repo... Read more
Intel processors face new side-channel vulnerability
Intel processors are facing a new vulnerability. This enables attackers to leak encrypted data from the CPU's internal processes. The vulnerability was named PortSmash and was discovered by a team of five academics from Finland and Cuba.
The researchers state that every CPU is designed with a Simult... Read more
Bluetooth vulnerabilities found in access points of Cisco, Meraki and Aruba
Armis security researchers have found a vulnerability in Bluetooth Low Energy chips from Texas Instruments. This makes access points from Cisco, Cisco Meraki and Aruba Networks vulnerable to hacking. The vulnerabilities affect the routers in various ways, depending on the manufacturer.
The researche... Read more
Cisco vulnerability to crash systems used in the wild
Cisco's security team revealed earlier this year that products running Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software had a zero-day vulnerability. Now it appears that this vulnerability has been abused in the wild. There are no patches for the problem yet.
The vulnera... Read more
New vulnerability affects most Linux and BSD distros
A new security error affects most Linux and BSD distros. The problem lies in the escalation of consents and should be relatively easy to solve. But at the moment it is a widespread error, which has an impact on a large number of systems.
The Linux and BSD variants that use the popular X.Org Server p... Read more
Patch Microsoft released for JET vulnerability is not complete
The patch Microsoft released for JET vulnerability does not seem to be complete. The vulnerability still seems to exist in the JET database engine. That while Microsoft thought it had closed the gap at Patch Tuesday last week.
The vulnerability came to light sometime in mid-September when the Trend ... Read more
Consumer version Google+ is closed after discovery vulnerability
The consumer version of Google+ is closed. Google's Facebook competitor appears to have had a vulnerability for years, so that user data could easily be viewed by third parties. Many people had expected that the service would stop with a sigh, but now it turns out that it would happen with a bang.
Y... Read more
Researchers find multiple critical vulnerabilities in Atlantis Word Processor
Researchers have found a series of critical vulnerabilities in the Atlantis Word Processor, allowing attackers to execute code. Cisco Talos security researchers wrote last night about the bugs found in Atlantis Word Processor versions 3.0.2.3, 3.2.5.0 and 3.2.6.
The Atlantis Word Processor is softwa... Read more
Cisco releases patch for error that gives hackers control over systems
Cisco released a patch for its Video Surveillance Manager. There was an error in the software that caused credentials to be hardcoded in the root account. Hackers could therefore control an affected system as a root user, should they discover the credentials.
Cisco recommends administrators of appli... Read more