BLURtooth vulnerability lets attackers defeat Bluetooth encryption

Posted by & filed under Ειδοποιήσεις.

A vulnerability exists in certain implementations of Bluetooth 4.0 through 5.0 which allows an attacker to overwrite or lower the strength of the pairing key, giving them access to authenticated services. The bug was discovered independently by two teams of academic researchers and received the name BLURtooth. It affects “dual-mode” Bluetooth devices, like modern smartphones.

Google Chrome 85 fixes WebGL code execution vulnerability

Posted by & filed under Ειδοποιήσεις.

Google addressed a use-after-free bug in the WebGL (Web Graphics Library) component of the Google Chrome web browser that could lead to arbitrary code execution in the context of the browser’s process following successful exploitation. WebGL is a JavaScript API used by compatible browsers to render interactive 2D and 3D graphics without using plug-ins. A fix… Read more »

ADVISORY: Ripple20 vulnerability advisories, patches, and updates

Posted by & filed under Ειδοποιήσεις.

The dust is far from settled following the disclosure of the 19 vulnerabilities in the TCP/IP stack from Treck, collectively referred to as Ripple20, which could help attackers take full control of vulnerable devices on the network. Treck’s code is fundamental for the embedded devices it is implemented on because it bestows network communication to them… Read more »

An Undisclosed Critical Vulnerability Affect vBulletin Forums

Posted by & filed under Ειδοποιήσεις.

If you are running an online discussion forum based on vBulletin software, make sure it has been updated to install a newly issued security patch that fixes a critical vulnerability. Maintainers of the vBulletin project recently announced an important patch update but didn’t reveal any information on the underlying security vulnerability, identified as CVE-2020-12720. Written in… Read more »

Critical Vulnerabilities in Microsoft Windows Operating Systems

Posted by & filed under Ειδοποιήσεις.

On January 14, 2020, Microsoft released software fixes to address 49 vulnerabilities as part of their monthly Patch Tuesday announcement. Among the vulnerabilities patched were critical weaknesses in Windows CryptoAPI, Windows Remote Desktop Gateway (RD Gateway), and Windows Remote Desktop Client. An attacker could remotely exploit these vulnerabilities to decrypt, modify, or inject data on user connections: CryptoAPI… Read more »