Items tagged with vulnerability
Nearly eight and a half years ago, Intel launched its 4th Generation Intel Core Processors, codenamed Haswell. In that time, researchers have discovered a number of security vulnerabilities that can typically be addressed via software and firmware updates. Unfortunately, Intel must ad one more to the list that...
Read more...
In mid-September, Google patched some actively exploited zero-day vulnerabilities discovered in Google Chrome. Now, the web search giant has done it again with several new security fixes in the 11th hour of September, and you should patch right now.
Published on Thursday, the stable channel update for Google Chrome, denoted by version number
Read more...
Earlier in July, the PrintNightmare vulnerability was discovered, wherein a threat actor could exploit the vulnerability to gain system-level access to a device. This was only speculation at first, but that has now changed, as cybersecurity researcher Benjamin Delpy has shown.
Since the discovery of PrintNightmare...
Read more...
Hackers and threat actors are constantly searching for new ways to breach systems for cybersecurity research or exploitation, respectively. Thankfully, French researcher Gilles Lionel got to an NTLM Relay Attack, dubbed PetitPotam, first. Now, Microsoft has released a mitigation technique that IT admins should...
Read more...
Whether it’s a typo, a line of code in the wrong place, or a placeholder for testing that never got removed, developers can introduce vulnerabilities into apps that a threat actor could exploit. It seems Android developers seem to have the problem quite a bit, as new research suggested over 60% of Android apps had...
Read more...
Over the last couple of days, a vulnerability tracked as CVE-2021-34527 has made the rounds, making IT people quite nervous. The cybersecurity threat, also dubbed PrintNightmare, exploits a flaw within the Windows Print Spooler, allowing for remote code execution on a system. Now, Microsoft has provided mitigation...
Read more...
If you own a Western Digital My Book Live, unplug it from the internet as soon as possible. WD has reported that people have been waking up to find their My Book Live devices completed wiped of installed data due to malicious software performing a factory reset.
On June 23rd, WD Community Forum user sunpeak made a...
Read more...
A seven-year-old local privilege escalation bug has reared its head and finally got a fix. When it was available, exploiting the vulnerability in the polkit authentication service could have allowed attackers to get a root shell on several actively-used Linux distros.
On Linux, polkit is effectively a bouncer of...
Read more...
Dell is one of the most popular PC brands globally, selling millions of laptops, desktops, and server systems to everyday consumers and businesses alike each year. However, SentinelLabs researchers warned this week that five critical security flaws have been lurking in its firmware update driver since the early days...
Read more...
Back in 2018, a processor security vulnerability called Spectre appeared, affecting all modern CPU architectures from Intel, AMD, and even ARM in the last 20 years. Since then, major players and semiconductor OEMs have worked hard to patch out the vulnerabilities in a cybersecurity whack-a-mole game, in some cases...
Read more...
When independent or academic research is carried out, ethics is a primary concern if you have anything to do with people outside the research group. With that in mind, the University of Minnesota has seemingly been performing ethically questionable research on the Linux kernel by submitting useless or vulnerable code...
Read more...
This year, there have been several cybersecurity incidents, such as the Microsoft Exchange issue, across numerous industries and government organizations. It appears that the defense industry is now being targeted by at least two China-linked hacking groups who are leveraging Pulse Secure VPN devices from IT company...
Read more...
The Microsoft Exchange zero-day vulnerabilities seemed to cause quite a bit of havoc across several industries and organizations. Since it was first discovered, however, patches have been rolling out from Microsoft and frantic orders to patch servers have been trickling down. Clearly, that was not enough, as web...
Read more...
Earlier in the week, user PixelRick discovered a vulnerability in Cyberpunk 2077, leading to code execution on a system via malicious data files. While modders were initially blamed for the risk, it turns out that the issue stemmed from poor coding on CD Projekt Red’s part. Now, the Poland-based games company has...
Read more...
Yesterday, we reported that CD Projekt Red sent out a warning that was effectively against "downloading mods", but it appears that we did not have the full story from the developers of Cyberpunk 2077. According to users on the CD Projekt Red forums, the Cyberpunk 2077 devs are partially to blame for what seems to be...
Read more...
When it comes to using the internet in any way, a general rule of thumb is that you should never download software from a source that you do not trust. Yesterday, CD Projekt Red Support sent out a tweet to dissuade people from downloading mods for Cyberpunk 2077 because a vulnerability was found the modding system's...
Read more...
If you give some kids restricted access to technology, they are bound to find a loophole or bug that lets them do what they want regardless. After being asked by his kids to “hack” his Linux desktop, one Dad let the kids play with the keyboard. This button-mashing actually crashed the machine's screensaver by sheer...
Read more...
If people trust their information with businesses tasked with keeping them safe, those companies should at least try to take security seriously. It seems that is not necessarily the case, as a flaw in an app created by Ring was exposing precise location data of customers who posted to the app, when it should have been...
Read more...
While vulnerabilities crop up regularly, people need to be on the lookout, and developers need to patch their programs for everyone’s benefit. When a developer neglects this responsibility, people and information are left at risk. Back in August, a vulnerability that allowed a local attack and code execution on an...
Read more...
Google has released a new version of Google Chrome today after tackling two more high-profile, zero-day exploits. Over the last several weeks, Google has found multiple attack vectors and has been squashing them at a rapid pace, so this is just a couple more on the pile. Users are advised to upgrade Chrome ASAP, as...
Read more...
Most modern tech users are all likely familiar with Multi-Factor Authentication (MFA). Many would consider this security enhancement to be absolutely essential to protecting one’s online accounts. However, some forms of MFA are more secure than others. SMS and voice MFA mechanisms tend to be some of the most...
Read more...
Google’s Project Zero team, which is tasked with discovering 0-day vulnerabilities, has uncovered an exploit in the Windows kernel that can lead to sandbox escape or privilege escalation. The bug, given CVE-2020-17087, is of the buffer overflow type in the Windows Kernel Cryptography Driver (CNG.sys) and is being...
Read more...
