Items tagged with vulnerabilities

Mobile processor designer Arm has issued a security bulletin for developers using its Mali GPU drivers. The firm has warned that a flaw tracked as CVE-2023-4211 “may be under limited, targeted exploitation.” Affected devices include the Google Pixel 7, Samsung Galaxy S20 and S21, the ASUS ROG Phone 6 and many more by... Read more...
Those who follow cybersecurity news will know that both security researchers and threat actors alike are frequently discovering security vulnerabilities, prompting developers to create and release patches for these vulnerabilities. While fixing security flaws is a good thing, it’s bad news when such fixes are prompted... Read more...
Back in October, a researcher at the cybersecurity firm Salt Security uncovered multiple security vulnerabilities in the LEGO BrickLink website that could have allowed hackers to hijack users’ accounts and arbitrarily read files on the Amazon cloud server hosting the website. Upon making this discovery, the... Read more...
Last month, researchers at the cybersecurity firm GTSC discovered cyberattacks actively exploiting two zero-day vulnerabilities in the Microsoft Exchange email system. The researchers reported these two vulnerabilities to the Zero Day Initiative (ZDI), which verified this report and passed it on to Microsoft. The... Read more...
Research conducted by a team at the firmware security firm Binarly reveals that six vulnerabilities remain unpatched in various enterprise-grade HP laptops and desktops despite HP having developed patches for these vulnerabilities. Binarly discovered three of these vulnerabilities last year and notified HP of their... Read more...
Cybersecurity researchers from Palo Alto Networks’ Unit 42 have discovered a campaign exploiting multiple vulnerabilities in D-Link routers to spread botnet malware. A botnet is a network of compromised consumer or enterprise devices controlled by a threat actor to carry out malicious tasks, such as mining... Read more...
The US Government’s Cybersecurity and Infrastructure Security Agency (CISA) maintains a list of exploited vulnerabilities and releases notices urging organizations, particularly government agencies and contractors, to patch said vulnerabilities. However, CISA isn’t the only one looking out for US infrastructure. Ken... Read more...
Do you remember a few years ago when everyone panicked over a couple of security flaws known as Meltdown and Spectre? These were a new type of security hole altogether, known as speculative execution flaws because they exploit the so-named capability of modern processors. That was back in 2018, and since then, every... Read more...
Cybersecurity news can seem like a never-ending stream of new vulnerabilities and a single prevailing message: “make sure to patch your devices.” Nonetheless, this message bears repeating. While we may keep up with updates on devices that receive over-the-air (OTA) updates on a semi-regular basis, we can still forget... Read more...
Whether it’s a typo, a line of code in the wrong place, or a placeholder for testing that never got removed, developers can introduce vulnerabilities into apps that a threat actor could exploit. It seems Android developers have this problem quite a bit, as new research suggested over 60% of Android apps had... Read more...
A new set of nine vulnerabilities that affect popular TCP/IP stacks, specifically relating to Domain Name System (DNS) implementations, was revealed yesterday. According to researchers at Forescout and JSOF, these vulnerabilities, collectively identified as NAME:WRECK, could impact at least 100 million IoT devices... Read more...
Internet of Things (IoT) devices have become more prevalent over the last few years, but they are often susceptible to hackers. Researchers recently discovered 125 security vulnerabilities on 13 NAS and routers. It is believed that these vulnerabilities are far-reaching and likely affect many similar... Read more...
If you think that the likes of the NSA need to rely on zero-day exploits to get their job done, you apparently have things completely wrong. At the USENIX Enigma security conference in San Francisco this week, the NSA's chief of Tailored Access Operations, Rob Joyce, said that it's his team's sheer talent that makes its... Read more...
Conventional wisdom in years past was that hackers didn’t bother to exploit Apple’s OS X operating system because its relatively insignificant market share didn’t warrant wasting resources to exploit it. The reasoning was, why bother with OS X when Windows was pushing over 90 percent of the worldwide OS... Read more...
We talked earlier this week about all of the software that lost their battles against the hackers at the Pwn2Own competition in Vancouver, Canada, but lest we forget about the sister competition, Pwnium 3. This particular competition was heavily sponsored by Google, with the company paying well more than $100,000 per... Read more...
File this one under “Worst News of the Day”. According to a report from Cenzic, a staggering 99% of all web-based and mobile apps it tested have security vulnerabilities that can be exploited by cybercriminals, and the median number of vulnerabilities per app is thirteen. The included infographic shows the areas of vulnerability... Read more...
It seems, sometimes, that a new phishing scam crops up every day, no matter how much security is improved. That's not just your imagination. IBM today released its annual IBM X-Force 2009 Trend and Risk Report, which showed threats that include phishing and document format vulnerabilities, among others, are on the... Read more...