vulnerability – Page 30 – PossibleThreat Articles

Security Sophos

Apple fixes Safari data leak (and patches a zero-day!) – update now

February 2, 2022 0 Comments Apple, Exploit, iOS, iPhone, MacOS, OS X, Patch, Privacy, rce, vulnerability

Credit to Author: Paul Ducklin| Date: Thu, 27 Jan 2022 21:09:53 +0000

That infamous “supercookie” bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.

Security Sophos

“PwnKit” security bug gets you root on most Linux distros – what to do

February 2, 2022 0 Comments cve-2021-4034, eop, Linux, pkexec, pwnkit, vulnerability

Credit to Author: Paul Ducklin| Date: Wed, 26 Jan 2022 19:58:32 +0000

An elevation of privilege bug that could let a “mostly harmless” user give themselves a instant root shell

Security Sophos

Slack fixes account-stealing bug

March 17, 2020 0 Comments Bug, bug bounty program, evan custodio, Flaw, hackerone, http, http smuggling, security threats, Slack, software bug, vulnerability

Credit to Author: Danny Bradbury| Date: Tue, 17 Mar 2020 12:33:43 +0000

Slack has fixed a bug that allowed attackers to hijack user accounts by tampering with their HTTP sessions.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/i-F9hS91EoQ” height=”1″ width=”1″ alt=””/>

Security Sophos

Tor browser fixes bug that allows JavaScript to run when disabled

March 17, 2020 0 Comments anonymity, browser privacy, firefox, java, JavaScript, noscript, Privacy, security threats, the onion router, Tor, tor browser, vulnerability, Web Browsers

Credit to Author: John E Dunn| Date: Tue, 17 Mar 2020 12:16:27 +0000

The Tor browser has a bug that could allow JavaScript to execute on websites even when users think they’ve disabled it for maximum anonymity.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/es39u8LUhmk” height=”1″ width=”1″ alt=””/>

Security Sophos

WordPress to get automatic updates for plugins and themes

March 17, 2020 0 Comments security threats, vulnerability, Wordpress, wordpress plugins

Credit to Author: John E Dunn| Date: Tue, 17 Mar 2020 12:10:14 +0000

Good news for website admins: the ability to automatically update plugins and themes is being beta-tested for WordPress 5.5, due in August.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/25i98IfHHJE” height=”1″ width=”1″ alt=””/>

Security Sophos

Microsoft patches wormable Windows 10 ‘SMBGhost’ flaw

March 17, 2020 0 Comments Flaw, Microsoft, notpetya, Operating Systems, Patching, security threats, smb, smbghost, vulnerability, WannaCry, Windows, Windows 10

Credit to Author: John E Dunn| Date: Mon, 16 Mar 2020 11:58:56 +0000

What’s the difference between a scheduled security update and one that’s out-of-band? In this case, it’s two days.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/OqgpMudTrew” height=”1″ width=”1″ alt=””/>

Security Sophos

Open source bugs have soared in the past year

March 17, 2020 0 Comments bugs, common vulnerability scoring system, cross-site scripting, cvss, open source bugs, open-source, security threats, software bugs, vulnerability, whitesource

Credit to Author: Danny Bradbury| Date: Mon, 16 Mar 2020 10:55:41 +0000

Open source bugs have skyrocketed, according to a report from WhiteSource, with XSS flaws account for a quarter of those bugs.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/ex96Deh5Pk4″ height=”1″ width=”1″ alt=””/>

Security Sophos

Nvidia patches severe flaws affecting GeForce, Quadro NVS and Tesla

March 3, 2020 0 Comments cve vulnerabilities, cve‑2020‑5957, cve‑2020‑5958, cve‑2020‑5959, cve‑2020‑5960, cve‑2020‑5961, CVEs, geforce, gpu display, Linux, malware, Microsoft, NVIDIA, nvidia gpu, nvs, Operating Systems, Patches, Patching, quadro, security threats, tesla, vulnerability, Windows, windows gpu display driver

Credit to Author: John E Dunn| Date: Tue, 03 Mar 2020 11:09:05 +0000

In all, the update covers five Windows and Linux desktop CVE vulnerabilities, including one rated as critical.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/YitOMgSO498″ height=”1″ width=”1″ alt=””/>

Security Sophos

XSS plugin vulnerabilities plague WordPress users

March 3, 2020 0 Comments async, cross-site scripting, flexible checkout fields, JavaScript, plugins, security threats, vulnerability, woocommerce, Wordpress, WordPress plugin, XSS

Credit to Author: Danny Bradbury| Date: Tue, 03 Mar 2020 10:44:44 +0000

Thousands of active WordPress plugins have been hit with a swathe of XSS vulnerabilities that could give attackers complete control of the site.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/Bjh4-1ye-9E” height=”1″ width=”1″ alt=””/>

Security Sophos

Ironpie robot vacuum can suck up your privacy

March 2, 2020 0 Comments 2-factor Authentication, Checkmarx, Internet of Things, IoT, perceptin, Privacy, robot vacuum, robots, rsa, rsa conference, security threats, shodan, smart vacuum, trifo ironpie, vulnerability, webcam

Credit to Author: Lisa Vaas| Date: Mon, 02 Mar 2020 12:37:11 +0000

You might want to unplug this not-so-smart robot: researchers found they can watch video streams piped out from its security camera.<img src=”http://feeds.feedburner.com/~r/nakedsecurity/~4/kGtvD8tF-C4″ height=”1″ width=”1″ alt=””/>