by Paul Ducklin Researchers at cybersecurity company GRIMM recently published an interesting trio of bugs they found in the Linux kernel… …in code that had been sitting there inconspicuously for some 15 years. Fortunately, it seemed that no one else had looked at the code for all that time, at …
by Paul Ducklin Almost exactly a month ago, or a couple of days under an average month given that February was the short one, we warned of a zero-day bug in Google’s Chromium browser code. Patch now, we said. And we’re saying it again, following Google’s otherwise cheery release of …
by Paul Ducklin Google announced a critical bug in Chrome last week – a bug that affected Edge as well. But the company kept details of the bug secret, presumably to avoid having thousands of crooks simultaneously figuring out, “Ah, so that’s where to look!” All we were told was that …
Affected are PHP websites running a vulnerable version of the Zend Framework web-application framework, along with some Laminas Project releases.
As just one symptom, 83 percent of the top 30 U.S. retailers, including Amazon, Costco, Kroger and Walmart, have vulnerabilities that pose an “imminent” cyber-threat.
The shopping-cart plugin contains a PHP object-injection bug. The vulnerability in the Welcart e-Commerce plugin for WordPress opens up websites to code injection, which can lead to payment skimmers being installed, the site being crashed, or information being retrieved via SQL injection, researchers said. Welcart e-Commerce is a free WordPress plugin …
A previous fix for the critical remote-code-execution bug was “incomplete,” according to VMware. VMware has issued an updated fix for a critical-severity remote code execution flaw in its ESXi hypervisor products. Wednesday’s VMware advisory said updated patch versions were available after it was discovered that the previous patch, released Oct. …
Google Project Zero disclosed the bug before a patch became available from Microsoft.
The flaw (CVE-2020-15157) is located in the container image-pulling process. The vulnerability can be exploited to coerce the containerd container runtime into exposing the host’s registry credentials or users’ cloud-account credentials. Containerd bills itself as a runtime tool that “manages the complete container lifecycle of its host system, from image …
Versions of Nvidia GeForce Experience for Windows prior to 3.20.5.70 are affected by a high-severity bug that could enable code execution, denial of service and more.