A vulnerability exists in MikroTik’s RouterOS in versions prior to the latest 6.41.3, released Monday, March 12, 2018. Details were discovered February and disclosed by Core Security on Thursday. MikroTik is a Latvian manufacturer that develops routers and software used throughout the world. RouterOS is its Linux-based operating system. The vulnerability, a MikroTik RouterOS SMB ..
Tag : Vulnerabilities
White hat hackers have earned a total of $267,000 at this year’s Pwn2Own competition for exploits targeting Microsoft Edge, Apple Safari, Oracle VirtualBox and Mozilla Firefox. On the first day, Richard Zhu (aka fluorescence) failed to hack Safari, but he did demonstrate an exploit chain against Edge, which earned him $70,000. Niklas Baumstark from the ..
Intel announced on Thursday that patches designed to address the Spectre vulnerability are now available for all the affected CPUs released in the past five years, and shared more details on the future processors that will include protections against these types of attacks. Intel CEO Brian Krzanich informed customers that the company has made available ..
As a result of massive backlash from the industry, Israel-based security firm CTS Labs has provided some clarifications about the recently disclosed AMD processor vulnerabilities and its disclosure method. CTS Labs this week published a report providing a brief description of 13 critical vulnerabilities and backdoors found in EPYC and Ryzen processors from AMD. The ..
Several popular text editors can be leveraged for privilege escalation and their developers do not plan on taking any action to prevent abuse, according to SafeBreach, a company that specializes in simulating attacks and breaches. Some text editors allow users to run third-party code and extend the application’s functionality through extensions. While this provides some ..
reader comments 6 Share this story A recent malware campaign that attempted to install a resource-draining currency miner on more than 400,000 computers in 12 hours was caused by a malicious backdoor that was sneaked into a BitTorrent application called Mediaget, a Microsoft researcher said Tuesday. The failed campaign is the latest example of what ..
White hats managed to hack Microsoft Edge, Apple Safari and Oracle VirtualBox on the first day of the Pwn2Own 2018 competition taking place these days alongside the CanSecWest conference in Vancouver, Canada. There were only four entries on the first day of Pwn2Own 2018. First, Richard Zhu (aka fluorescence) attempted to perform a sandbox escape ..
A vulnerability (CVE-2018-0886) patched by Microsoft with its March 2018 security patches was a remote code execution flaw in the Credential Security Support Provider protocol (CredSSP) used by Remote Desktop Protocol (RDP) and Windows Remote Management (WinRM). This vulnerability can be exploited by an attacker to relay user credentials to execute code on a target ..
Microsoft informed users on Tuesday that it released additional patches for the CPU vulnerabilities known as Meltdown and Spectre, and removed antivirus compatibility checks in Windows 10. Meltdown and Spectre allow malicious applications to bypass memory isolation and access sensitive data. Meltdown attacks are possible due to CVE-2017-5754, while Spectre attacks are possible due to ..
Security updates released by Adobe on Tuesday patch several vulnerabilities in the company’s Dreamweaver, Flash Player and Connect products. Flash Player 29.0.0.113 for Windows, Mac, Linux and Chrome OS addresses two critical flaws affecting versions 28.0.0.161 and earlier. The vulnerabilities have been described as a use-after-free bug (CVE-2018-4919) and a type confusion issue (CVE-2018-4920), both ..