Citrix engineers released a number of Citrix Endpoint Management patches this week. Citrix expects attacks on XenMobile Server corporate mobile device management systems. These issues give an attacker the ability to gain administrative privileges on vulnerable systems. The severity of the encountered issues, which received CVE IDs CVE-2020-8208, CVE-2020-8209, CVE-2020-8210, CVE-2020-8211, and CVE-2020-8212, differs depending… Continue reading Citrix expects attacks on fresh issues in XenMobile
Tag: vulnerability
AMD plans to fix SMM Callout bugs in its processors by the end of June
AMD reports that firmware updates will be released for three bugs called SMM Callout by the end of June 2020. These vulnerabilities allow attackers to establish control over the AMD CPU UEFI firmware and, in fact, gain control over the entire computer. It is reported that are affected Accelerated Processing Unit (APU, formerly AMD Fusion)… Continue reading AMD plans to fix SMM Callout bugs in its processors by the end of June
Vulnerabilities in old GTP protocol could affect 4G and 5G networks
Experts cautioned that vulnerabilities in the old GTP (GPRS Tunneling Protocol) could quite seriously affect the operation of 4G and 5G networks. In reports published last week and in December 2019, Positive Technologies and A10 Networks described in detail a number of vulnerabilities in this protocol. In particular, are known the following problems: Disclosure of… Continue reading Vulnerabilities in old GTP protocol could affect 4G and 5G networks
Vulnerabilities allowed access to cameras on Mac, iPhone and iPad
Apple paid $75,000 to the IS researcher Ryan Pickren in the frameworks of the bug bounty program for vulnerabilities in Safari, due to which it was possible to access someone else’s cameras on Mac, iPhone and iPad, simply by directing a person to a special site. In total, Picren discovered seven vulnerabilities in the Apple… Continue reading Vulnerabilities allowed access to cameras on Mac, iPhone and iPad
Information security experts said that AMD processors are vulnerable to two attacks
A joint group of specialists from the National Center for Scientific Research of France and the Graz Technical University published a report on new attack vectors for AMD processors. Researchers said AMD processors are vulnerable to two attacks. These problems, discovered by experts back in 2019, affect the security of data processed by processors and… Continue reading Information security experts said that AMD processors are vulnerable to two attacks
IMP4GT Vulnerability in LTE Threatens Almost All Modern Smartphones
Experts from Ruhr University reported an IMP4GT (IMPersonation Attacks in 4G NeTworks) problem. Modern LTE-enabled devices are vulnerable to IMP4GT, therefore, it threatens almost all smartphones, tablets, and IoT devices. A bug allows simulating another user’s operator’s network, which means an attacker will be able to issue paid subscriptions at the expense of other people… Continue reading IMP4GT Vulnerability in LTE Threatens Almost All Modern Smartphones
Microsoft fixed 0-day vulnerability in Internet Explorer and 99 more bugs in its products
Recent February “update Tuesday” became the largest for Microsoft in a long time: within its framework were fixed almost 100 different bugs, including the 0-day vulnerability in Internet Explorer, which was already under attack, and 11 other critical problems. Recall that back in January 2020, Microsoft reported a zero-day vulnerability in Internet Explorer, which the… Continue reading Microsoft fixed 0-day vulnerability in Internet Explorer and 99 more bugs in its products
Dangerous vulnerability in Citrix software is still not resolved in 20% of companies
A month after the publication of information about a dangerous vulnerability in Citrix software that threatened 80 thousand companies in 158 countries, one fifth of companies still did not take measures to eliminate the vulnerability. This can be concluded from the threat intelligence monitoring, conducted by Positive Technologies employees. The critical vulnerability CVE-2019-19781 in Citrix… Continue reading Dangerous vulnerability in Citrix software is still not resolved in 20% of companies
Citrix releases new patches, racing with the hackers that install encryptors on vulnerable machines
Destructive race: Citrix releases new patches, and hackers are actively attacking vulnerable servers and installing encryption engines on them. It seems that users are losing. At the beginning of this year was discovered CVE-2019-19781 vulnerability, which affects a number of versions of Citrix Application Delivery Controller (ADC), Citrix Gateway, as well as two old versions… Continue reading Citrix releases new patches, racing with the hackers that install encryptors on vulnerable machines
Temporary patch for 0-day vulnerability in Internet Explorer arrived on the Internet
Earlier this week, Microsoft announced about vulnerability in Internet Explorer, which is already exploited for “limited targeted attacks”. Now arrived temporary patch for this 0-day vulnerability in Internet Explorer. The problem received the identifier CVE-2020-0674 and it is associated with a vulnerability in the Firefox browser. Apparently, the mentioned “limited attacks” are part of a… Continue reading Temporary patch for 0-day vulnerability in Internet Explorer arrived on the Internet