Technical Advisory – Jitsi Meet Electron – Arbitrary Client Remote Code Execution (CVE-2020-27162)
Current Vendor: Jitsi
Vendor URL: https://jitsi.org
Versions affected: 1.x.x
Systems Affected: Jitsi Meet Electron
Authors: Robert Wessen robertwessennccgroupcom
CVE Identifier: CVE-2020-27162
Risk: 8.3 (High) – AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
Jitsi is an open source online communication suite. It includes...
Facebook, News and XSS Underpin Complex Browser Locker Attack
An elaborate set of redirections and hundreds of URLs make up a wide-ranging tech-support scam.
A sophisticated “browser locker” campaign is spreading via Facebook, ultimately pushing a tech-support scam. The...
Nvidia Warns Gamers of Severe GeForce Experience Flaws
Versions of Nvidia GeForce Experience for Windows prior to 3.20.5.70 are affected by a high-severity bug that could enable code execution, denial of service and more.
Nvidia, which makes gaming-friendly...
Cisco Warns of Severe DoS Flaws in Network Security Software
The majority of the bugs in Cisco’s Firepower Threat Defense (FTD) and Adaptive Security Appliance (ASA) software can enable denial of service (DoS) on affected devices.
Cisco has stomped out...
Bug Parade: NSA Warns on Cresting China-Backed Cyberattacks
The Feds have published a Top 25 exploits list, rife with big names like BlueKeep, Zerologon and other notorious security vulnerabilities.
Chinese state-sponsored cyberattackers are actively compromising U.S. targets using...
Adobe Fixes 16 Critical Code-Execution Bugs Across Portfolio
The out-of-band patches follow a lighter-than-usual Patch Tuesday update earlier this month.
Adobe has released 18 out-of-band security patches in 10 different software packages, including fixes for critical vulnerabilities that...
Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser
The memory-corruption vulnerability exists in the browser’s FreeType font rendering library.
Google released an update to its Chrome browser that patches a zero-day vulnerability in the software’s FreeType font rendering...
Technical Advisory – Linksys WRT160NL – Authenticated Remote Buffer Overflow (CVE-2020-26561)
Current Vendor: Belkin
Vendor URL: https://www.linksys.com/sg/p/P-WRT160NL/
Versions affected: Latest FW version - 1.0.04 build 2 (FW_WRT160NL_1.0.04.002_US_20130619_code.bin)
Systems Affected: Linksys WRT160NL (maybe others)
Authors: Diego Gómez Marañón – Diego.GomezMaranon@nccgroup.com
CVE Identifier: CVE-2020-26561
Risk: 8.8 (High) –...
Google’s Waze Can Allow Hackers to Identify and Track Users
The company already patched an API flaw that allowed a security researcher to use the app to find the real identity of drivers using it.
A security researcher has...
Mobile Browser Bugs Open Safari, Opera Users to Malware
A set of address-spoofing bugs affect users of six different types of mobile browsers, with some remaining unpatched.
A set of address-bar spoofing vulnerabilities that affect a number of mobile...