NVIDIA Patches Critical Bug in High-Performance Servers
NVIDIA said a high-severity information-disclosure bug impacting its DGX A100 server line wouldn’t be patched until early 2021.
NVIDIA released a patch for a critical bug in its high-performance...
Iran-linked APT Targets T20 Summit, Munich Security Conference Attendees
The Phosphorous APT has launched successful attacks against world leaders who are attending the Munich Security Conference and the Think 20 (T20) Summit in Saudi Arabia, Microsoft warns.
Microsoft said...
Microsoft’s SMBGhost Flaw Still Haunts 108K Windows Systems
While Microsoft patched the bug known as CVE-2020-0796 back in March, more than one 100,000 Windows systems are still vulnerable.
More than 100,000 Windows systems have not yet been...
Oracle Kills 402 Bugs in Massive October Patch Update
Over half of Oracle’s flaws in its quarterly patch update can be remotely exploitable without authentication; two have CVSS scores of 10 out of 10.
Business software giant Oracle is...
Holiday Shopping Craze, COVID-19 Spur Retail Security Storm
Veracode’s Chris Eng discusses the cyber threats facing shoppers who are going online due to the pandemic and the imminent holiday season.
As online retailers prepare for the...
Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Gzip Extraction (CVE-2020-8260)
Vendor: Pulse SecureVendor URL: https://www.pulsesecure.net/Versions affected: Pulse Connect Secure (PCS) 9.1Rx or belowSystems Affected: Pulse Connect Secure (PCS) AppliancesCVE Identifier: CVE-2020-8260Advisory URL: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601Risk: 7.2 High CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HAuthors:Richard Warren - richard.warrennccgroupcomDavid...
Technical Advisory: Pulse Connect Secure – Arbitrary File Read via Logon Message (CVE-2020-8255)
Vendor: Pulse Secure
Vendor URL: https://www.pulsesecure.net/
Versions affected: Pulse Connect Secure (PCS) 9.1Rx or below
Systems Affected: Pulse Connect Secure (PCS) Appliances
CVE Identifier: CVE-2020-8255
Advisory URL: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
Risk: 4.9 Medium CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Authors:
Richard Warren - richard.warrennccgroupcom
David...
Election Security: Beyond Mail-In Voting
There are many areas of the election process that criminal hackers can target to influence election results.
As a highly publicized event, every four years the U.S presidential election comes...
IoT Device Takeovers Surge 100 Percent in 2020
The COVID-19 pandemic, coupled with an explosion in the number of connected devices, have led to a swelling in IoT infections observed on wireless networks.
Connected cameras, refrigerators and...
Technical Advisory – Jitsi Meet Electron – Limited Certificate Validation Bypass (CVE-2020-27161)
Current Vendor: Jitsi
Vendor URL: https://jitsi.org
Versions affected: 1.x.x
Systems Affected: Jitsi Meet Electron
Authors: Robert Wessen robertwessennccgroupcom
CVE Identifier: CVE-2020-27161
Risk: 5.3 (Medium) AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Summary & Impact
Jitsi Meet Electron includes apparent debugging code which ignores...