A critical streaming bug impacts Live Networks LIVE555 RTSPServer, but not the popular VLC and MPLayer client-side software.
Link: https://threatpost.com/critical-bug-impacts-live555-media-streaming-libraries/138477/
Tag: Vulnerabilities
Two Critical RCE Bugs Patched in Drupal 7 and 8
Drupal’s advisory also included three patches for “moderately critical" bugs.
Link: https://threatpost.com/two-critical-rce-bugs-patched-in-drupal-7-and-8/138468/
AWS FreeRTOS Bugs Allow Compromise of IoT Devices
The bugs let hackers crash IoT devices, leak their information, and completely take them over.
Link: https://threatpost.com/aws-freertos-bugs-allow-compromise-of-iot-devices/138455/
Trivial Post-Intrusion Attack Exploits Windows RID
Simple technique enables attackers to leverage Windows OS component to maintain stealth and persistence post system compromise.
Link: https://threatpost.com/trivial-post-intrusion-attack-exploits-windows-rid/138448/
Oracle Fixes 301 Flaws in October Critical Patch Update
The update includes one critical flaw in Oracle GoldenGate with a CVSS 3.0 score of 10.0.
Link: https://threatpost.com/oracle-fixes-301-flaws-in-october-critical-patch-update/138407/
libssh Authentication Bypass Makes it Trivial to Pwn Rafts of Servers
The flaw affects thousands of servers; but GitHub, a major libssh user, is unaffected.
Link: https://threatpost.com/libssh-authentication-bypass-makes-it-trivial-to-pwn-rafts-of-servers/138399/
Multiple D-Link Routers Open to Complete Takeover with Simple Attack
The vendor only plans to patch two of the eight impacted devices, according to a researcher.
Link: https://threatpost.com/multiple-d-link-routers-open-to-complete-takeover-with-simple-attack/138383/
On Heels of Criticism, Newly-Released Google Chrome 70 Prioritizes Privacy
The update also features 23 security fixes.
Remote Code Implantation Flaw Found in Medtronic Cardiac Programmers
The flaw impacted patients with pacemakers, implantable defibrillators, cardiac resynchronization devices and insertable cardiac monitors.
Link: https://threatpost.com/remote-code-implantation-flaw-found-in-medtronic-cardiac-programmers/138363/
As End of Life Nears, More Than Half of Websites Still Use PHP V5
Support for PHP 5.6 drops on December 31 – but a recent report found that almost 62 percent of websites are still using version 5.
Link: https://threatpost.com/as-end-of-life-nears-more-than-half-of-websites-still-use-php-v5/138352/