Vulnerabilities that Videolabs recently addressed in its libmicrodns library could lead to denial of service (DoS) and arbitrary code execution, Cisco Talos’ security researchers warn.A company founded by VideoLAN members, Videolabs is the current editor of the VLC mobile applications and also an important contributor to the VLC media player. The libmicrodns

VMware has released an update for the macOS version of Fusion to fix a privilege escalation vulnerability for which it initially released an incomplete patch. However, one of the researchers who found it says the patch is “still bad.”VMware told customers on March 17 that Fusion, Remote Console (VMRC) and Horizon Client for Mac are impacted by a high-severit

A vulnerability addressed recently in the WPvivid Backup Plugin could be exploited to obtain all files of a WordPress website, web security company WebARX reveals.WPvivid Backup Plugin is a free and open-source plugin that allows users to easily backup, migrate, and restore their WordPress installations to new hosts, or send backups to remote storage. The pl

A critical vulnerability patched on Tuesday by Adobe in its Creative Cloud desktop application can be exploited by hackers to delete arbitrary files.Adobe Creative Cloud is a set of applications and services used for video editing, graphic design, photography and web development. The Creative Cloud desktop application allows users to easily manage their apps

Microsoft informed customers on Monday that it’s working on patches for two Windows zero-day vulnerabilities that can be exploited for remote code execution.According to Microsoft, the vulnerabilities exist due to the way the Windows Adobe Type Manager library handles a “specially-crafted multi-master font - Adobe Type 1 PostScript format.”Adobe told Securit

One of the vulnerabilities that researchers from the University of York discovered in widely-used password managers could have resulted in malicious apps stealing users’ credentials.Password managers are encrypted vaults employed to store credentials and other sensitive information, and they allow the use of strong, unique credentials for each of the applica

Hackers could have caused a Tesla Model 3’s central touchscreen to become unusable simply by getting the targeted user to visit a specially crafted website. The car maker has released a software update that patches the vulnerability.A researcher who uses the online moniker Nullze discovered that the Tesla Model 3’s web interface is affected by a denial-of-se

Cybercrime groups have been exploiting vulnerabilities in digital video recorders (DVRs) made by Taiwan-based surveillance solutions provider LILIN to increase the size of their botnets.Researchers at Chinese cybersecurity firm Qihoo 360 started seeing attacks in late August 2019. The vendor released firmware updates that should patch the exploited flaws on

A new variant of the notorious Mirai malware has been delivered by cybercriminals to network-attached storage (NAS) devices made by Zyxel through the exploitation of a recently patched vulnerability.Zyxel informed customers last month that some of its NAS devices and firewalls are affected by a critical vulnerability — tracked as CVE-2020-9054 — that can be

The developers of the Drupal content management system (CMS) announced on Wednesday that updates for versions 8.8.x and 8.7.x address a couple of vulnerabilities affecting the CKEditor library.CKEditor is a popular open source WYSIWYG editor that is highly configurable and has hundreds of features. Drupal uses CKEditor and it has decided to update it to vers

Google this week rolled out an update to address multiple high-severity vulnerabilities in Chrome and also announced that it is pausing upcoming releases of the browser.The pause, the Internet giant says, was caused by an adjusted work schedule due to the current COVID-19 (coronavirus) epidemic, and affects both Chrome and Chrome OS releases.“Our primary obj

The patch released recently by VMware for a privilege escalation vulnerability affecting Fusion for Mac have been found to be incomplete.VMware informed customers on March 17 that Fusion, Remote Console (VMRC) and Horizon Client for Mac are affected by a high-severity privilege escalation vulnerability caused by the improper use of setuid binaries. The compa

On the first day of the Pwn2Own 2020 hacking competition, participants earned a total of $180,000 for demonstrating exploits targeting Windows 10, Ubuntu Desktop and macOS.Pwn2Own typically takes place at the CanSecWest cybersecurity conference in Vancouver, Canada, and participants have to attend in person. However, due to concerns related to the COVID-19 c

Cisco on Wednesday announced that it has patched a total of five vulnerabilities in its SD-WAN solution, including three that have been assigned a “high severity” rating.The high-severity vulnerabilities — all of them reported to Cisco by Orange Group — are caused by insufficient input validation. They can be exploited to make unauthorized changes to the sys

VMware announced on Tuesday that it has patched a serious privilege escalation vulnerability that can be exploited on Mac systems where Fusion, Remote Console (VMRC) or Horizon Client are installed.The vulnerability, tracked as CVE-2020-3950 and classified as high severity, is related to the improper use of setuid binaries, and it impacts Fusion 11.x, VMRC 1