What's Your IT Question?

Want to know more about this topic or about us? Contact us!

All posts in Bug

Another Chrome zero-day exploit – so get that update done!

by Paul Ducklin Almost exactly a month ago, or a couple of days under an average month given that February was the short one, we warned of a zero-day bug in Google’s Chromium browser code. Patch now, we said. And we’re saying it again, following Google’s otherwise cheery release of . . . Read more

Record Levels of Software Bugs Plague Short-Staffed IT Teams in 2020

As just one symptom, 83 percent of the Top 30 U.S. retailers have vulnerabilities which pose an “imminent” cyber-threat, including Amazon, Costco, Kroger and Walmart.

WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug

The shopping cart application contains a PHP object-injection bug. A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers being installed, crashing of the site or information retrieval via SQL injection, researchers said. Welcart e-Commerce is a free WordPress plugin . . . Read more

VMware Issues Updated Fix For Critical ESXi Flaw

A previous fix for the critical remote code execution bug was “incomplete,” according to VMware. VMware issued an updated fix for a critical-severity remote code execution flaw in its ESXi hypervisor products. Wednesday’s VMware advisory said updated patch versions were available after it was discovered the previous patch, released Oct. . . . Read more

Containerd Bug Exposes Cloud Account Credentials

The flaw (CVE-2020-15157) is located in the container image-pulling process. A security vulnerability can be exploited to coerce the containerd cloud platform into exposing the host’s registry or users’ cloud-account credentials. Containerd bills itself as a runtime tool that “manages the complete container lifecycle of its host system, from image . . . Read more

Nvidia Warns Gamers of Severe GeForce Experience Flaws

Versions of Nvidia GeForce Experience for Windows prior to 3.20.5.70 are affected by a high-severity bug that could enable code execution, denial of service and more.