The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Search results for vulnerabilities

13 Critical Flaws Discovered in AMD Ryzen and EPYC Processors

13 Critical Flaws Discovered in AMD Ryzen and EPYC Processors

March 13, 2018Swati Khandelwal
Security researchers claimed to have discovered 13 critical Spectre/Meltdown -like vulnerabilities throughout AMD's Ryzen and EPYC lines of processors that could allow attackers to access sensitive data, install persistent malware inside the chip, and gain full access to the compromised systems. All these vulnerabilities reside in the secure part of the AMD's Zen architecture processors and chipsets—typically where device stores sensitive information such as passwords and encryption keys and makes sure nothing malicious is running when you start your PC. The alleged vulnerabilities are categorized into four classes—RYZENFALL, FALLOUT, CHIMERA, and MASTERKEY—and threaten wide-range of servers, workstations, and laptops running vulnerable AMD Ryzen, Ryzen Pro, Ryzen Mobile or EPYC processors. Discovered by a team of researchers at Israel-based CTS-Labs, newly disclosed  unpatched vulnerabilities defeat AMD's Secure Encrypted Virtualization (SEV) technology and could
Microsoft, Adobe and Mozilla issue Critical Security Patch Updates

Microsoft, Adobe and Mozilla issue Critical Security Patch Updates

May 13, 2015Mohit Kumar
This week you have quite a long list of updates to follow from Microsoft, Adobe as well as Firefox. Despite announcing plans to kill its monthly patch notification for Windows 10, the tech giant has issued its May 2015 Patch Tuesday , releasing 13 security bulletins that addresses a total of 48 security vulnerabilities in many of their products. Separately, Adobe has also pushed a massive security update to fix a total of 52 vulnerabilities in its Flash Player, Reader, AIR and Acrobat software. Moreover, Mozilla has fixed 13 security flaws in its latest stable release of Firefox web browser, Firefox 38, including five critical flaws. First from the Microsoft’s side: MICROSOFT PATCH TUESDAY Three out of 13 security bulletins issued by the company are rated as 'critical', while the rest are 'important' in severity, with none of these vulnerabilities are actively exploited at this time. The affected products include Internet Explorer (IE),
Thousands of High-Risk Vulnerabilities Found in NOAA Satellite System

Thousands of High-Risk Vulnerabilities Found in NOAA Satellite System

September 10, 2014Swati Khandelwal
The informational systems that the National Oceanic and Atmospheric Administration (NOAA) run are loaded with several critical vulnerabilities that could leave it vulnerable to cyber attacks. According to the findings of an audit recently conducted by the Department of Commerce’s Office of the Inspector General (OIG), the Joint Polar Satellite System’s (JPSS) ground system is vulnerable to a large number of high-risk vulnerabilities. The JPSS ground system is used to collect data from several polar-orbiting weather satellites, and distribute the information to users worldwide. This system also provides command, control and data processing for current and future weather satellites. But, the vulnerabilities identified in the system could impair technology controlling the United States’ next generation of polar-orbiting environmental satellites. “ Our analysis of the JPSS program’s assessments of system vulnerabilities found that, since FY 2012, the number of high-ris
Critical Flaws Found in VxWorks RTOS That Powers Over 2 Billion Devices

Critical Flaws Found in VxWorks RTOS That Powers Over 2 Billion Devices

July 29, 2019Swati Khandelwal
Security researchers have discovered almost a dozen zero-day vulnerabilities in VxWorks, one of the most widely used real-time operating systems (RTOS) for embedded devices that powers over 2 billion devices across aerospace, defense, industrial, medical, automotive, consumer electronics, networking, and other critical industries. According to a new report Armis researchers shared with The Hacker News prior to its release, the vulnerabilities are collectively dubbed as URGENT/11 as they are 11 in total, 6 of which are critical in severity leading to 'devastating' cyberattacks. Armis Labs is the same IoT security company that previously discovered the BlueBorne vulnerabilities in Bluetooth protocol that impacted more than 5.3 Billion devices—from Android, iOS, Windows and Linux to the Internet of things (IoT). These vulnerabilities could allow remote attackers to bypass traditional security solutions and take full control over affected devices or "cause disruption on
WhiteSource Bolt for GitHub: Free Open Source Vulnerability Management App for Developers

WhiteSource Bolt for GitHub: Free Open Source Vulnerability Management App for Developers

December 05, 2018Wang Wei
Developers around the world depend on open source components to build their software products. According to industry estimates, open source components account for 60-80% of the code base in modern applications. Collaboration on open source projects throughout the community produces stronger code, squashing the bugs and catching the vulnerabilities that impact the security of organizations who look to open source components as the key to their application building success. Thanks in part to the "thousand eyeballs" of the community, the number of reported vulnerabilities in open source projects is on the rise, spiking 51% in 2017 from the previous year. This is even more concerning since, as shown in the same study, most vulnerabilities are found in popular projects. Data shows that 32% of the top 100 open source projects have at least one vulnerability, meaning that developers have their work cut out for them, no matter which components they are using in their products.
Windows? NO, Linux and Mac OS X Most Vulnerable Operating System In 2014

Windows? NO, Linux and Mac OS X Most Vulnerable Operating System In 2014

February 24, 2015Swati Khandelwal
Apple’s operating system is considered to be the most secure operating system whether it’s Mac OS X for desktop computers or iOS for iPhones. But believe it or not, they are the most vulnerable operating system of year 2014. MOST VULNERABLE OPERATING SYSTEM  Windows, which is often referred to as the most vulnerable operating system in the world and also an easy pie for hackers, is not even listed on the top three vulnerable OS. According to an analysis by the network and security solutions provider GFI, the top three most vulnerable operating system are: Apple’s Mac OS X Apple iOS Linux kernel GFI analysis is based on the data from the US National Vulnerability Database (NVD ), which shows that in 2014, the top three most vulnerable operating systems took owner by the following number of vulnerabilities reported in their software: Mac OS X - Total 147 vulnerabilities were reported, 64 of which were rated as high-severity Apple’s iOS - Total 127 vulnerabilities were reported,
Vulnerability Management: Think Like an Attacker to Prioritize Risks

Vulnerability Management: Think Like an Attacker to Prioritize Risks

June 05, 2014Swati Khandelwal
Attackers care about ROI – they want to accomplish their objective with the least investment of time and resources possible. The same is true for you - to most effectively manage vulnerabilities, you need to think like an attacker. Ask yourself: How would you go about compromising systems, exfiltrating valuable information and making money? What are the key assets in your network that you would target? How would you get to these assets? Attackers are looking for vulnerabilities that are exposed – ones offering them an easy way to penetrate your network and pivot into the truly valuable assets on your network. Although zero-day exploits are heavily publicized, attackers more often use older, proven exploits very effectively. Fortunately, many such exploits are well known and have clear remediation methods. So, how can you determine if a known vulnerability is actually exploitable? The key is to correlate system vulnerabilities with threat intelligence so you can prioriti
4 New BlueKeep-like 'Wormable' Windows Remote Desktop Flaws Discovered

4 New BlueKeep-like 'Wormable' Windows Remote Desktop Flaws Discovered

August 13, 2019Swati Khandelwal
If you are using any supported version of the Windows operating system, stop everything and install the latest security updates from Microsoft immediately. Windows operating system contains four new critical wormable, remote code execution vulnerabilities in Remote Desktop Services, similar to the recently patched ' BlueKeep ' RDP vulnerability. Discovered by Microsoft's security team itself, all four vulnerabilities, CVE-2019-1181 , CVE-2019-1182 , CVE-2019-1222 , and CVE-2019-1226 , can be exploited by unauthenticated, remote attackers to take control of an affected computer system without requiring any user interaction. Just like BlueKeep RDP flaw , all four newly discovered vulnerabilities are also wormable and could be exploited by potential malware to propagate itself from one vulnerable computer to another automatically. "An attacker can get code execution at the system level by sending a specially crafted pre-authentication RDP packet to an affected RD
Adobe Releases Security Patch Updates For 112 Vulnerabilities

Adobe Releases Security Patch Updates For 112 Vulnerabilities

July 10, 2018Swati Khandelwal
Adobe has released security patches for a total 112 vulnerabilities in its products, most of which have a higher risk of being exploited. The vulnerabilities addressed in this month's patch Tuesday affect Adobe Flash Player, Adobe Experience Manager, Adobe Connect, Adobe Acrobat, and Reader. None of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild. Adobe Flash Player (For Desktops and Browsers) Security updates include patches for two vulnerabilities in Adobe Flash Player for various platforms and application, as listed below. One of which has been rated critical (CVE-2018-5007), and successful exploitation of this "type confusion" flaw could allow an attacker to execute arbitrary code on the targeted system in the context of the current user. This flaw was discovered and reported to Adobe by willJ of Tencent PC Manager working with Trend Micro's Zero Day Initiative. Withou
36-Year-Old SCP Clients' Implementation Flaws Discovered

36-Year-Old SCP Clients' Implementation Flaws Discovered

January 15, 2019Mohit Kumar
A set of 36-year-old vulnerabilities has been uncovered in the Secure Copy Protocol (SCP) implementation of many client applications that can be exploited by malicious servers to overwrite arbitrary files in the SCP client target directory unauthorizedly. Session Control Protocol (SCP), also known as secure copy, is a network protocol that allows users to securely transfer files between a local host and a remote host using RCP (Remote Copy Protocol) and SSH protocol. In other terms, SCP, which dates back to 1983, is a secure version of RCP that uses authentication and encryption of SSH protocol to transfer files between a server and a client. Discovered by Harry Sintonen, one of F-Secure's Senior Security Consultants, the vulnerabilities exist due to poor validations performed by the SCP clients, which can be abused by malicious servers or man-in-the-middle (MiTM) attackers to drop or overwrite arbitrary files on the client's system. "Many scp clients fail to ver
Chinese Hackers Find Over a Dozen Vulnerabilities in BMW Cars

Chinese Hackers Find Over a Dozen Vulnerabilities in BMW Cars

May 23, 2018Mohit Kumar
Chinese security researchers have discovered more than a dozen vulnerabilities in the onboard compute units of BMW cars, some of which can be exploited remotely to compromise a vehicle. The security flaws have been discovered during a year-long security audit conducted by researchers from Keen Security Lab, a cybersecurity research unit of Chinese firm Tencent, between January 2017 and February 2018. In March 2018, the team responsibly disclosed 14 different vulnerabilities directly to the BMW Group, which affects its vehicles since at least 2012. These are the same group of researchers who have previously found multiple vulnerabilities in various in-car modules used by Tesla , that could have been exploited to achieve remote controls on a target car. Now that BMW started rolling out patches for the vulnerabilities to car owners, the researchers have gone public with a 26-page technical report [ PDF ] describing their findings, though they avoided publishing some important t
8 New Spectre-Class Vulnerabilities (Spectre-NG) Found in Intel CPUs

8 New Spectre-Class Vulnerabilities (Spectre-NG) Found in Intel CPUs

May 05, 2018Mohit Kumar
A team of security researchers has reportedly discovered a total of eight new " Spectre-class " vulnerabilities in Intel CPUs, which also affect at least a small number of ARM processors and may impact AMD processor architecture as well. Dubbed Spectre-Next Generation , or Spectre-NG , the partial details of the vulnerabilities were first leaked to journalists at German computer magazine Heise, which claims that Intel has classified four of the new vulnerabilities as "high risk" and remaining four as "medium." The new CPU flaws reportedly originate from the same design issue that caused the original Spectre flaw , but the report claims one of the newly discovered flaws allows attackers with access to a virtual machine (VM) to easily target the host system, making it potentially more threatening than the original Spectre vulnerability. "Alternatively, it could attack the VMs of other customers running on the same server. Passwords and secret k
Secunia launches Secunia Vulnerability Intelligence Manager 4.0

Secunia launches Secunia Vulnerability Intelligence Manager 4.0

October 30, 2012Mohit Kumar
78% of vulnerabilities are found in third-party programs. Security teams cannot monitor all of them manually or determine which ones are critical to their organization. Secunia, the leading provider of IT security solutions that enables businesses and private individuals to manage and control vulnerability threats, today announced the general availability of the new version of Secunia’s Vulnerability Intelligence Manager, the VIM 4.0. The Secunia VIM 4.0 is the latest evolutionary step in the technology Secunia has developed to help organizations handle vulnerabilities and protect business critical information and assets against potential attacks. Because it covers more than 40,000 software systems and applications, the VIM 4.0 solution provides the most comprehensive intelligence about software vulnerabilities available to organizations, ensuring that all security threats can be dealt with before the IT infrastructure is compromised by cybercriminals . “  We're very happy with
New Class of CPU Flaws Affect Almost Every Intel Processor Since 2011

New Class of CPU Flaws Affect Almost Every Intel Processor Since 2011

May 14, 2019Swati Khandelwal
Academic researchers today disclosed details of the newest class of speculative execution side-channel vulnerabilities in Intel processors that impacts all modern chips, including the chips used in Apple devices. After the discovery of Spectre and Meltdown processor vulnerabilities earlier last year that put practically every computer in the world at risk, different classes of Spectre and Meltdown variations surfaced again and again. Now, a team of security researchers from multiple universities and security firms has discovered different but more dangerous speculative execution side-channel vulnerabilities in Intel CPUs. The newly discovered flaws could allow attackers to directly steal user-level, as well as system-level secrets from CPU buffers, including user keys, passwords, and disk encryption keys. Speculative execution is a core component of modern processors design that speculatively executes instructions based on assumptions that are considered likely to be true.
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.