NSW govt sets up vulnerability tracking centre in Bathurst

The NSW government has set up a cyber security vulnerability management centre in Bathurst, which will start operating next month. The centre will be operated by Cyber Security NSW, the new name given to what was formerly the Office of the Government Chief Information Security Office. It will provide the

A New Critical Vulnerability Affects Windows SMB Protocol

Cybersecurity researchers today uncovered a new critical vulnerability affecting the Server Message Block (SMB) protocol that could allow attackers to leak kernel memory remotely, and when combined with a previously disclosed “wormable” bug, the flaw can be exploited to achieve remote code execution attacks. Dubbed “SMBleed” (CVE-2020-1206) by cybersecurity firm

New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks

Israeli cybersecurity researchers have disclosed details about a new flaw impacting the DNS protocol that can be exploited to launch amplified, large-scale distributed denial-of-service (DDoS) attacks to take down targeted websites. Called NXNSAttack, the flaw hinges on the DNS delegation mechanism to force DNS resolvers to generate more DNS queries to authoritative

New Bluetooth Vulnerability Exposes Billions of Devices to Hackers

Academics from École Polytechnique Fédérale de Lausanne (EPFL) disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion modern devices to hackers. The attacks, dubbed Bluetooth Impersonation AttackS or BIAS, concern Bluetooth Classic, which supports Basic Rate

An Undisclosed Critical Vulnerability Affects vBulletin Forums — Patch Now

If you are running an online discussion forum based on vBulletin software, make sure it has been updated to install a newly issued security patch that fixes a critical vulnerability. Maintainers of the vBulletin project recently announced an important patch update but didn’t reveal any information on the underlying security

Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability

Days after cybersecurity researchers sounded the alarm over two critical vulnerabilities in the SaltStack configuration framework, a hacking campaign has already begun exploiting the flaws to breach servers of LineageOS, Ghost, and DigiCert. Tracked as CVE-2020-11651 and CVE-2020-11652, the disclosed flaws could allow an adversary to execute arbitrary code on

Microsoft reports new zero-day vulnerability in Windows that is being actively exploited

In brief: A previously undisclosed and yet to be patched critical security vulnerability is being exploited in the wild, affecting all recent versions of Windows (7/8/10) and Windows Server. Microsoft is working on a fix, but until then, it’s probably best to heed Microsoft’s workarounds to mitigate chances of exploitation.

Security Patch Released for ‘Wormable’ SMBv3 Vulnerability — Install It ASAP!

Microsoft today finally released software updates to patch a recently disclosed, very dangerous vulnerability in the SMBv3 protocol that could let attackers launch wormable malware, which propagates itself from one vulnerable computer to another automatically. The vulnerability in question, tracked as CVE-2020-0796, is a remote code execution flaw that affects Windows

Avast disables vulnerability that left 400 million users open to abuse

Security vendor Avast has urgently disabled a component in its antivirus product that researchers said could have put over 400 million users at risk of arbitrary code execution remotely. Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich looked into the Avast antivirus JavaScript interpreter or emulator that is used