Vulnerability Management

January 29, 2021

Flaws in open source library used by DoD, IC for satellite imagery could lead to system takeovers

Two vulnerabilities discovered could lead to remote code execution, while another could lead to denial of service attacks.

The post Flaws in open source library used by DoD, IC for satellite imagery could lead to system takeovers appeared first on SC Media.

January 28, 2021

Azure Functions vulnerability proves cloud users not always in control

A newly discovered Azure Functions vulnerability lets an attacker escalate privileges and escape the Azure Functions Docker to the Docker host. After an internal assessment, Microsoft determined that the vulnerability has no security impact on Azure Functions users because the Docker host itself is protected by a Microsoft Hyper-V boundary, according to researchers from Intezer…

January 27, 2021

Apple Patches Three New iOS Zero-Days

While Apple has a significant focus on making iOS secure, one researcher said increasingly complex capabilities often bring vulnerabilities.

January 26, 2021

Users of IoT products from three major vendors at risk of DDoS attacks, data leaks

Softing Industrial Automation GmbH, Kepware PTC, and Matrikon Honeywell all provided fixes for their respective products after security firm Claroty privately disclosed them during 2020.

January 23, 2021

SonicWall network attacked via zero days in its VPN and secure access solutions

Cybersecurity firm SonicWall disclosed Friday night that hackers attacked the company’s internal networks by first exploiting zero-day vulnerabilities in its very own secure remote access products. SC Media received an anonymous tip Friday that SonicWall had suffered an attack, but did not get confirmation ahead of the disclosure by the company. SonicWall, whose product line…

January 20, 2021

With all eyes on the inauguration, lessons in the convergence of physical and digital security emerge

Washington, D.C. is on high alert, extending a special designation for security that always applies to inaugurations to Jan. 21, and calling in the National Guard. But in the wake of the attack on the Capitol, protection of digital assets is paramount.

January 19, 2021

7 vulnerabilities in popular DNS forwarding software open door to range of attacks

Researchers at JSOF have discovered distinct spoofing and buffer overflow vulnerabilities associated with DNSMasq, used in networking devices to cache and forward Domain Name System requests.
