BIOS PrivEsc Bugs Affect Hundreds of Millions of Dell PCs Worldwide – Tempemail

PC maker Dell has issued an update to fix multiple critical privilege escalation vulnerabilities that went undetected since 2009, potentially allowing attackers to gain kernel-mode privileges and cause a denial-of-service condition. The issues, reported to Dell by researchers from SentinelOne on Dec. 1, 2020, reside in a firmware update driver

ALERT — New 21Nails Exim Bugs Expose Millions of Email Servers to Hacking

The maintainers of Exim have released patches to remediate as many as 21 security vulnerabilities in its software that could enable unauthenticated attackers to achieve complete remote code execution and gain root privileges. Collectively named ’21Nails,’ the flaws include 11 vulnerabilities that require local access to the server and 10

Apple Releases Urgent Security Patches For Zero‑Day Bugs Under Active Attacks

Apple on Monday released security updates for iOS, macOS, and watchOS to address three zero-day flaws and expand patches for a fourth vulnerability that the company said might have been exploited in the wild. The weaknesses all concern WebKit, the browser engine which powers Safari and all third-party web browsers

Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) Thursday issued an advisory warning of multiple vulnerabilities in the OpENer EtherNet/IP stack that could expose industrial systems to denial-of-service (DoS) attacks, data leaks, and remote code execution. All OpENer commits and versions prior to February 10, 2021, are affected, although there

New WhatsApp Bugs Could’ve Let Attackers Hack Your Phone Remotely

Facebook-owned WhatsApp recently addressed two security vulnerabilities in its messaging app for Android that could have been exploited to execute malicious code remotely on the device and even compromise encrypted communications. The flaws take aim at devices running Android versions up to and including Android 9 by carrying out what’s

New Bugs Could Let Hackers Bypass Spectre Attack Mitigations On Linux Systems

Cybersecurity researchers on Monday disclosed two new vulnerabilities in Linux-based operating systems that, if successfully exploited, could let attackers circumvent mitigations for speculative attacks such as Spectre and obtain sensitive information from kernel memory. Discovered by Piotr Krysiuk of Symantec’s Threat Hunter team, the flaws — tracked as CVE-2020-27170 and

Microsoft Issues Patches for In-the-Wild 0-day and 55 Other Windows Bugs

Microsoft on Tuesday issued fixes for 56 flaws, including a critical vulnerability that’s known to be actively exploited in the wild. In all, 11 are listed as Critical, 43 are listed as Important, and two are listed as Moderate in severity — six of which are previously disclosed vulnerabilities. The

Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices

Major vulnerabilities have been discovered in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take complete control of a device’s wireless communications. The six flaws were reported by researchers from Israeli IoT security firm Vdoo. The Realtek RTL8195A module is a standalone, low-power-consumption

SonicWall Hacked Using 0-Day Bugs In Its Own VPN Product

SonicWall, a popular internet security provider of firewall and VPN products, disclosed late on Friday that it fell victim to a coordinated attack on its internal systems. The San Jose-based company said the attacks leveraged zero-day vulnerabilities in SonicWall secure remote access products such as NetExtender VPN client version 10.x

Cisco Reissues Patches for Critical Bugs in Jabber Video Conferencing Software

Cisco has once again fixed four previously disclosed critical bugs in its Jabber video conferencing and messaging app that were inadequately addressed, leaving its users susceptible to remote attacks. The vulnerabilities, if successfully exploited, could allow an authenticated, remote attacker to execute arbitrary code on target systems by sending specially-crafted