Security Training Share
Security experts from Eclypsium have devised a new Spectre attack variant that allows an attacker to recover data stored in CPU System Management Mode (SMM). SMM is an operating mode of the x86 CPU....
On Monday, Google and Microsoft announced a new variant of the Spectre and Meltdown security flaw (Spectre Variant 3a). The chip that has this vulnerability is widely used on computers and mobile devices. Intel claimed that...
Recently, routers made by DrayTek, a Taiwanese company, were exposed to the 0day vulnerability. An attacker could use the vulnerability to modify the DNS configuration on some routers. Then, through a man-in-the-middle attack, the...
In a week or less after a code injection vulnerability (CVE-2018-10994) from the Signal desktop application was disclosed, security researchers discovered another serious code injection vulnerability (CVE-2018-11101). Similar to previous vulnerabilities, the new vulnerability allows a remote attacker to...
On May 16th, Cisco released a number of security announcements that it had fixed three high-risk vulnerabilities in the Digital Network Architecture (DNA) Center, including unauthorized access and security certification bypass. Vulnerability Overview DNA...
In a security announcement issued on Tuesday, Siemens AG (SIEMENS, Germany) informed customers that the Central Processing Unit (CPU) of its SIMATIC S7-400 product was affected by a high severity denial of service (DoS)...
On May 15, Red Hat officially issued a notice that it fixed a DHCP Client related vulnerability (CVE-2018-1111). When the system uses NetworkManager and configures the DHCP protocol, an attacker can use a malicious DHCP...
According to Pangu Lab’s iOS application security audit process for different customers, found a common type of security vulnerability ZipperDown, an attacker can use this vulnerability to damage the application, it has been detected...
On May 14, local time, Adobe officially released a security notice that fixed several bugs in Adobe Acrobat and Reader, including information disclosure and arbitrary code execution. The vulnerability is summarized as follows: Vulnerability...
On May 9, Spring released several security announcements that fixed several security vulnerabilities, including a high-risk remote code execution vulnerability. CVE-2018-1257 (High) Some versions of the Spring Framework allow applications to expose STOMPs on...
