Remote code execution and information disclosure vulnerabilities addressed in Apache Guacamole can be highly useful to threat actors targeting enterprises, Check Point security researchers warn.An open-source remote desktop gateway, Apache Guacamole is an HTML5 web application that can be used on a broad range of devices, straight from the web browser. One o

Cisco’s Talos threat intelligence and research group this week disclosed the details of recently patched vulnerabilities affecting the Chrome and Firefox web browsers.The Chrome flaw, tracked as CVE-2020-6463 and classified as high severity with a CVSS score of 8.8, was patched by Google in April with the release of Chrome 81.0.4044.122. The tech giant award

Critical and high-severity vulnerabilities discovered by researchers in F5 Networks’ BIG-IP application delivery controller (ADC) allow a remote attacker to take complete control of the targeted system.The vulnerabilities were identified by researchers at cybersecurity firm Positive Technologies, which disclosed its findings this week after the vendor releas

Cisco on Wednesday announced that it has patched several vulnerabilities affecting its products, including flaws in Small Business routers and switches.Of the eight vulnerabilities for which Cisco published an advisory this week, only CVE-2020-3297 has been rated high severity. This security hole affects some Small Business and managed switches and it allows

Microsoft on Tuesday published advisories to provide details on two remote code execution vulnerabilities addressed in the Windows Codecs Library.Both of these vulnerabilities are related to the manner in which the affected Windows component handles objects in memory and both feature a CVSS score of 7.3.Despite that, however, Microsoft considers one to be cr

Netgear has started releasing patches for ten vulnerabilities affecting nearly 80 of its products, including flaws disclosed last year at the Pwn2Own hacking competition.All of the security holes were reported to Netgear through Trend Micro’s Zero Day Initiative (ZDI), including five by a hacker who uses the online moniker d4rkn3ss, from VNPT ISC, and five b

Details on a macOS privacy protections bypass method were published this week, more than six months after Apple was informed of the issue, but failed to deliver a fix.Dubbed TCC (Transparency, Consent, and Control), the privacy protections system was introduced in macOS Mojave to ensure that certain files on the system are kept out of reach of unauthorized a

Industrial control systems (ICS) can be hacked through barcode scanners, researchers at cybersecurity services company IOActive said on Tuesday.Hackers previously demonstrated that keystrokes can be remotely injected via an industrial barcode scanner into the computer the scanner is connected to, which could result in the computer getting compromised.IOActiv

Palo Alto Networks revealed on Monday that it has patched a critical authentication bypass vulnerability in its PAN-OS firewall operating system, and U.S. Cyber Command believes foreign APTs will likely attempt to exploit it soon.The vulnerability, tracked as CVE-2020-2021 with a CVSS score of 10, affects PAN-OS 8.0, 8.1, 9.0 and 9.1, and it has been patched

Driver vulnerabilities can facilitate attacks on ATMs, point-of-sale (PoS) systems and other devices, firmware security company Eclypsium warned on Monday.Eclypsium last year analyzed device drivers from major vendors and found that over 40 drivers made by 20 companies contained serious vulnerabilities that could be exploited to deploy persistent malware.The

NVIDIA this week released patches for a dozen vulnerabilities in GPU display drivers and vGPU software, including multiple issues that could lead to code execution.The most severe of the bugs affecting the GPU drivers include CVE‑2020‑5962, which was found in the NVIDIA GPU display driver, and CVE‑2020‑5963, which resides in the CUDA driver. Both feature a C

IBM has disclosed the details of several vulnerabilities found in powerline extenders made by China-based networking solutions provider Tenda. IBM says Tenda ignored its emails and phone calls, and it’s unclear if any patches are being developed.Considered an alternative to Wi-Fi extenders, powerline extenders leverage a building’s electrical wiring to boost

Sony this week announced the launch of a public PlayStation bug bounty program in partnership with hacker-sourced vulnerability hunting platform HackerOne.Previously, the company ran a private bug bounty with some researchers only, but says that it has come to realize that the research community plays an important role in improving security, and that the new

VMware informed customers on Tuesday that it addressed a total of 10 vulnerabilities affecting its ESXi, Workstation and Fusion products, including critical and high-severity flaws that can be exploited for code execution on the hypervisor.The most serious of the vulnerabilities is CVE-2020-3962, a critical use-after-free bug related to the SVGA device. An a

Cyber security is described as a form of asymmetric warfare. One side, the defenders, have limited numbers -- just the security team. The other side includes every blackhat hacker in the world -- that is, many, many thousands. The blackhats only need to succeed once; the defenders need to succeed many times every day. Bugcrowd seeks to reverse this impossibl