Collaborate Disseminate
Dell’s SupportAssist utility that comes pre-installed on millions of Dell laptops and PCs contains a security vulnerability that could allow malicious software or rogue logged-in users to escalate their privileges to administrator-level and access sens… Continue reading Security Flaw in Pre-Installed Dell Support Software Affects Million of Computers
Cisco Systems has released a new patch for a remotely exploitable privilege escalation vulnerability after security researchers found that its previous fix was incomplete. The company first patched the vulnerability, known as WebExec or CVE-2018-15442… Continue reading Cisco Takes Another Stab at Patching Recent WebEx Vulnerability
Kaspersky Lab ICS CERT has identified a new wave of phishing emails with malicious attachments targeting primarily companies and organizations that are, in one way or another, associated with industrial production. Continue reading Attacks on industrial enterprises using RMS and TeamViewer
Vulnerabilities Summary LINE for Windows provided by LINE Corporation specifies the path to read DLL when launching software. A user clicking on a specially crafted link, can use this vulnerability to cause the user to insecurely load an arbitrary DLL … Continue reading SSD Advisory – LINE Corporation URI Handlers Remote Commands Execution
Vulnerability summary The following advisory describes an DLL Hijacking found in ZTE uSmartView. ZTE uSmartView offers: “ZTE provides full series of cloud computing products (including cloud terminals, cloud desktops, virtualization software, and cloud storage products) and end-to-end integrated product, which can be applied to different scenarios such as office, training classroom, multimedia classroom, and business … Continue reading SSD Advisory – ZTE uSmartView DLL Hijacking
The post SSD Advisory – ZTE uSmartView DLL Hijacking appeared first on Security Boulevard.
Continue reading SSD Advisory – ZTE uSmartView DLL Hijacking
We’re already used to the fact that complex cyberattacks use 0-day vulnerabilities, bypassing digital signature checks, virtual file systems, non-standard encryption algorithms and other tricks. Sometimes, however, all of this may be done in much simpler ways, as was the case in the malicious campaign that we detected a while ago – we named it ‘Microcin’ after microini, one of the malicious components used in it. Continue reading A simple example of a complex cyberattack
Researcher Paulos Yibelo said that Dashlane elected not to patch a vulnerability he disclosed more than a year ago in all versions of the password manager application. Continue reading Dashlane, Researcher at Odds Over Potential Privilege Escalation Vulnerability
A team of security researchers from Cybellum, an Israeli zero-day prevention firm, has discovered a new Windows vulnerability that could allow hackers to take full control of your computer.
Dubbed DoubleAgent, the new injecting code technique works on… Continue reading Unpatchable ‘DoubleAgent’ Attack Can Hijack All Windows Versions — Even Your Antivirus!
A team of security researchers from Cybellum, an Israeli zero-day prevention firm, has discovered a new Windows vulnerability that could allow hackers to take full control of your computer.
Dubbed DoubleAgent, the new injecting code technique works on… Continue reading Unpatchable ‘DoubleAgent’ Attack Can Hijack All Windows Versions — Even Your Antivirus!