Security Training Share
On July 17th, local time, on the morning of July 18th, Beijing time, Oracle officially released the July (second quarter) critical patch update CPU (Critical Patch Update), which fixed an April (first quarter) CPU...
Recently, ManageEngine officially released a new version of Exchange Reporter Plus to fix a remote code execution vulnerability. The vulnerability stems from the Java servlet ‘ADSHACluster’ when a ‘bcp.exe’ file executed, and an attacker can...
Intel has released several security updates for the company’s processor products, which are used to fix potential security threats to processors and more. For example, the Intel processor Spectre and Meltdown security vulnerabilities that...
Intel AMT is called Intel Active Management Technology. It is a system integrated into the chip and did not depend on a specific operating system. This is the most significant difference between Intel AMT...
Two security researchers Vladimir Kiriansky from MIT and consulting firm Carl Waldspurger have just published a paper highlighting the notorious new variant of the Spectre vulnerability, which creates a speculative buffer overflow. In the paper,...
The SEC Vulnerability Advisory Lab pointed out in a notice released last week that the Epicentro-based broadband gateways and routers manufactured by Advanced Digital Broadcast (ABD) are vulnerable to three security vulnerabilities, CVE-2018-13108. Effects...
In mid-June, the Ubuntu Launchpad exposed with a security bug; any user can bypass the lock screen by just removing the hard drive. This vulnerability confirms the impact of Ubuntu 16.04.4 but does not prove...
Recently, Google released the Android patch in July 2018, which solved 44 vulnerabilities in the operating system. It is understood that these 44 vulnerabilities include Framework, Media Framework, Kernel and Qualcomm components, as well...
Researchers at the University of California, Irvine, have published new papers on how to measure keyboard temperature to steal passwords with thermal imaging cameras. The principle of this kind of attack is mainly to...
On Tuesday, Huawei stated in a security bulletin numbered “huawei-sa-20180703-01-algorithm” that some Huawei products have a weak encryption algorithm vulnerability, and successful use may lead to information leakage. According to the description of the...
Synopsys recently released the Black Duck Report on 2018 Open Source Security and Risk Analysis, which provides an in-depth look at open source security, license compliance, and code quality risk in commercial software. This report discusses the...
A few days ago, researchers found that some underground technology communities have circulated examples of downloading malicious files through the Windows 10 Settings application configuration file. This configuration file seems to have attracted the...
The Long Term Evolution (LTE) mobile device standard is currently used by millions of users worldwide, all of which are repairing the significant security shortcomings of Global System for Mobile Communications (GSM). Two of these...
According to bleepingcomputer reports, almost all Android devices since 2012 may be affected by a new vulnerability called RAMpage, which is a variant of the Rowhammer attack that was exposed several years ago and...
According to the newly disclosed report, cybercriminals are using mobile devices to avoid detection and execution of a series of malicious acts. Distil Networks, a security company that specialises in botnets recently issued an announcement that...
In November last year, a security researcher reported an arbitrary file deletion vulnerability to the WordPress security team, but seven months have passed since the report was issued. The security team did not release any...
Recent researchers from the University of Texas in Austin, the Hebrew University of Jerusalem, and the Israel Institute of Technology have confirmed that the use of a particular cell phone battery can obtain sensitive information...
Researchers at the system and network security department at Vrije Universiteit in Amsterdam said they found another serious flaw in Intel processors. Unlike Specter and Meltdown, it does not rely on speculative execution but uses the...
According to Forcepoint security researcher John Bergbom, the upcoming WebAssembly standard may make some of the browser-level fixes for Meltdown and Specter useless. WebAssembly (WA or WASM) is a new technology released last year and...
Schneider Electric recently fixed four vulnerabilities in U.motion Builder software, including two serious command execution vulnerabilities. Both Schneider and ICS-CERT have issued security bulletins, and versions before U.motion Builder 1.3.4 have been affected. Schneider Electric’s...
