Latest News

2020/06/11

Critical Intel Flaws Fixed in Active Management Technology

Intel has released its June security updates, which address two critical vulnerabilities that, if exploited, can give unauthenticated attackers elevated privileges.

The critical flaws exist in Intel’s Active Management Technology (AMT), which is used for remote out-of-band management of personal computers.

The two critical flaws (CVE-2020-0594 and CVE-2020-0595) exist in the IPv6 subsystem of AMT (and Intel’s Standard Manageability solution, which has a similar function as AMT). The flaws could potentially enable an unauthenticated user to gain elevated privileges via network access. AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 are affected.
2020/06/11

Snake Ransomware Delivers Double-Strike on Honda, Energy Co.

The Snake ransomware has reportedly hit two high-profile companies this week: Honda and a South American energy-distribution company called Enel Argentina.

In a tweet on Monday, the Honda Automobile Customer Service said it was “experiencing technical difficulties and are unavailable.” And later, the Japanese auto giant told the BBC that “Honda can confirm that a cyberattack has taken place on the Honda network.”

Meanwhile, a Honda spokesperson told Forbes, “Honda has experienced a cyberattack that has affected production operations at some U.S. plants. However, there is no current evidence of loss of personally identifiable information. We have resumed production in most plants and are currently working toward the return to production of our auto and engine plants in Ohio.”
2020/06/10

Adobe Warns of Critical Flaws in Flash Player, Framemaker

Adobe released patches for four critical flaws in Flash Player and in its Framemaker document processor as part of its regularly scheduled updates. The bugs, if exploited, could enable arbitrary code-execution.

In Tuesday’s June Adobe security updates, critical flaws tied to three CVEs were patched in Adobe Framemaker, which is Adobe’s application designed for writing and editing large or complex documents.

The flaws include two critical out-of-bounds write flaws (CVE-2020-9634, CVE-2020-9635), which stem from write operations that then produce undefined or unexpected results. Francis Provencher working with Trend Micro’s Zero Day Initiative (ZDI) was credited with finding these arbitrary code-execution flaws
2020/06/05

Two Critical Flaws in Zoom Could've Let Attackers Hack Systems via Chat

If you're using Zoom—especially during this challenging time to cope with your schooling, business, or social engagement—make sure you are running the latest version of the widely popular video conferencing software on your Windows, macOS, or Linux computers.
No, it's not about the arrival of the most-awaited "real" end-to-end encryption feature, which apparently, according to the latest news, would now only be available to paid users. Instead, this latest warning is about two newly discovered critical vulnerabilities.
Cybersecurity researchers from Cisco Talos unveiled today that it discovered two critical vulnerabilities in the Zoom software that could have allowed attackers to hack into the systems of group chat participants or an individual recipient remotely.
2020/06/03

Severe Cisco DoS Flaw Can Cripple Nexus Switches

Cisco has patched a high-severity flaw in its NX-OS software, the network operating system used by Cisco’s Nexus-series Ethernet switches.

If exploited, the vulnerability could allow an unauthenticated, remote attacker to bypass the input access control lists (ACLs) configured on affected Nexus switches – and launch a denial of service (DoS) attacks on the devices.

“A successful exploit could cause the affected device to unexpectedly decapsulate the IP-in-IP packet and forward the inner IP packet,” according to Cisco’s security advisory, published on Monday. “This may result in IP packets bypassing input ACLs configured on the affected device or other security boundaries defined elsewhere in the network.”