Eltima SDK Contain Multiple Vulnerabilities Affecting Several Cloud Service Providers
Cybersecurity researchers have disclosed multiple vulnerabilities in a third-party driver software developed by Eltima that have been "unwittingly inherited" by cloud desktop solutions like Amazon Workspaces, Accops, and NoMachine and could provide attackers a path to perform an array of malicious activities. "These vulnerabilities allow attackers to escalate privileges …
New UAF Vulnerability Affecting Microsoft Office to be Patched Today
Four security vulnerabilities discovered in the Microsoft Office suite, including Excel and Office online, could be potentially abused by bad actors to deliver attack code via Word and Excel documents. "Rooted from legacy code, the vulnerabilities could have granted an attacker the ability to execute code on targets via malicious Office documents, such as Word, Excel and …
Microsoft Finds ‘BadAlloc’ Flaws Affecting Wide-Range of IoT and OT Devices
Microsoft researchers on Thursday disclosed two dozen vulnerabilities affecting a wide range of Internet of Things (IoT) and Operational Technology (OT) devices used in industrial, medical, and enterprise networks that could be abused by adversaries to execute arbitrary code and even cause critical systems to crash. "These remote code execution (RCE) vulnerabilities cover more …
Critical Flaws Affecting GE’s Universal Relay Pose Threat to Electric Utilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of critical security shortcomings in GE's Universal Relay (UR) family of power management devices. "Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition," the agency said in …
Researchers Warn of Critical Flaw Affecting Industrial Automation Systems
A critical vulnerability uncovered in Real-Time Automation's (RTA) 499ES EtherNet/IP (ENIP) stack could open up industrial control systems to remote attacks by adversaries. RTA's ENIP stack is one of the widely used industrial automation devices and is billed as the "standard for factory floor I/O applications in North America." "Successful exploitation of this …
Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million Users
A United States regulator has fined the credit card provider Capital One Financial Corp $80 million over last year's data breach that exposed the personal information of more than 100 million American credit card applicants. The fine was imposed by the Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the …
Researchers Reveal New Security Flaw Affecting China’s DJI Drones
Cybersecurity researchers on Thursday revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations (DJI) that comes with an auto-update mechanism that bypasses Google Play Store and could be used to install malicious applications and transmit sensitive personal information to DJI's servers. The twin reports, courtesy of cybersecurity firms …
Citrix Issues Critical Patches for 11 New Flaws Affecting Multiple Products
Citrix yesterday issued new security patches for as many as 11 security flaws that affect its Citrix Application Delivery Controller (ADC), Gateway, and SD-WAN WAN Optimization edition (WANOP) networking products. Successful exploitation of these critical flaws could let unauthenticated attackers perform code injection, information disclosure, and even denial-of-service attacks …
New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild
Another day, another revelation of a critical unpatched zero-day vulnerability, this time in the world's most widely used mobile operating system, Android. What's more? The Android zero-day vulnerability has also been found to be exploited in the wild by the Israeli surveillance vendor NSO Group—infamous for selling zero-day exploits to governments—or one of its customers, to …
Researcher Drops phpMyAdmin Zero-Day Affecting All Versions
A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin—one of the most popular applications for managing the MySQL and MariaDB databases. phpMyAdmin is a free and open source administration tool for MySQL and MariaDB that's widely used to manage the database for websites created with WordPress, Joomla, and …