Most SAP implementations continue to be impacted by a security configuration flaw initially documented in 2005, Onapsis warns. Neglected security configurations and unintentional configuration drifts of previously secured systems render SAP implementations vulnerable despite the release of several Security Notes designed to address the issues. According to Onapsis, a firm that specializes in securing SAP ..
Tag : Vulnerabilities
Microsoft this week released another round of software and microcode updates designed to address the CPU vulnerability known as Spectre Variant 2. Microsoft has been releasing software mitigations for the Spectre and Meltdown vulnerabilities since January, shortly after researchers disclosed the flaws. A new standalone security update (4078407) enables by default the mitigations against Spectre ..
Drupal developers have released updates for versions 7 and 8 of the content management system (CMS) to address a new vulnerability related to the recently patched flaw known as Drupalgeddon2. The new vulnerability, tracked as CVE-2018-7602, has been described as a highly critical issue that can be exploited for remote code execution. The flaw has ..
SINGAPORE — SECURITYWEEK 2018 ICS CYBER SECURITY CONFERENCE | SINGAPORE — Researchers have discovered a potentially serious vulnerability in industrial safety controllers and a significant number of the impacted devices are directly exposed to the Internet, making it easy for malicious actors to launch attacks and possibly cause damage. Safety systems are designed to prevent incidents ..
Malicious hackers wasted no time exploiting a critical bug in the Drupal content management system that allows them to execute malicious code on website servers. Just hours after maintainers of the open-source program disclosed the vulnerability, it came under active attack, they said. So far, the attackers are using ..
In 2003, researchers from F-Secure were attending a security conference in Berlin — specifically, the ph-neutral hacker conference — when a laptop was stolen from a locked hotel room. They reported the theft to the hotel staff, but felt they weren’t taken too seriously because, dressed in typical hacker gear, “We kinda looked like a ..
Apple this week released patches to address a handful of security vulnerabilities in macOS, iOS, and Safari. Available for macOS High Sierra 10.13.4, Security Update 2018-001 addresses two vulnerabilities impacting Crash Reporter and LinkPresentation, respectively. The first is a memory corruption issue that could allow an application to gain elevated privileges. Tracked as CVE-2018-4206, the ..
A vulnerability in NVIDIA’s Tegra chipsets allows for the execution of custom code on locked-down devices, security researcher Kate Temkin reveals. Dubbed Fusée Gelée, this exploit leverages a coldboot vulnerability through which an attacker could achieve full, unauthenticated arbitrary code execution from an early bootROM context via Tegra Recovery Mode (RCM), the security researcher says. ..
Drupal developers announced on Monday that versions 7.x, 8.4.x and 8.5.x of the content management system (CMS) will receive a new security update later this week. The Drupal core updates, scheduled for April 25 between 16:00 and 18:00 UTC, will deliver a follow-up patch for the highly critical vulnerability tracked as CVE-2018-7600 and dubbed “Drupalgeddon2.” ..
Internet media company Oath paid more than $400,000 in bounties during the H1-415 one-day HackerOne event in San Francisco, where 41 hackers from 11 countries were present. HackerOne’s second annual live-hacking event lasted for nine hours but resulted in breaking multiple records on Saturday, April 14, 2018. The Oath security team was present on the ..

