Tag: bug

October 5, 2023

A vulnerability (CVE-2023-4911) in the GNU C Library (aka “glibc”) can be exploited by attackers to gain root privileges on many popular Linux distributions, according to Qualys researchers. About CVE-2023-4911 Dubbed “Looney Tunables”, CVE-2023-4911 is a buffer overflow vulnerability in […]

June 2, 2023

A critical flaw in Progress Software’s in MOVEit Transfer managed file transfer application has come under widespread exploitation in the wild to take over vulnerable systems. The shortcoming, which is yet to be assigned a CVE identifier, relates to a […]

March 14, 2023

Criminals are exploiting a Microsoft SmartScreen bug to deliver Magniber ransomware, potentially infecting hundreds of thousands of devices, without raising any security red flags, according to Google’s Threat Analysis Group (TAG). TAG discovered the in-the-wild exploit, and reported it to […]

March 7, 2023

An older version of Shein’s Android application suffered from a bug that periodically captured and transmitted clipboard contents to a remote server. The Microsoft 365 Defender Research Team said it discovered the problem in version 7.9.2 of the app that […]

October 31, 2022

A now-patched security flaw has been disclosed in the Galaxy Store app for Samsung devices that could potentially trigger remote command execution on affected phones. The vulnerability, which affects Galaxy Store version 4.5.32.4, relates to a cross-site scripting (XSS) bug […]

October 26, 2022

Another week, another Windows 11 22H2 bug – and once again it’s Nvidia graphics cards bearing the brunt of the issues. After an update-induced frame rate problem was recently patched by Nvidia, Reddit users are now reporting yet more performance-related […]

October 14, 2022

The vulnerability impacts FortiOS versions from 7.0.0 to 7.0.6 and from 7.2.0 to 7.2.1. FortiProxy versions from 7.0.0 to 7.0.6 and 7.2.0 are also impacted. The cybersecurity firm addressed the flaw with the release of FortiOS/FortiProxy versions 7.0.7 or 7.2.2. […]

October 12, 2022

A high-severity vulnerability discovered almost a year ago in VMware vCenter Server 8.0 has not yet been patched(opens in new tab), the company has confirmed. The flaw, tracked as CVE-2021-22048, is described as a privilege escalation vulnerability, and allows non-admin […]

August 31, 2022

A high-severity flaw in the Android version of the TikTok app — which has been installed more than 1.5 billion times so far via the Google Play Store — could allow threat actors to hijack a user’s account with a […]

August 30, 2022

Akasa Air, India’s newest commercial airline, exposed the personal data belonging to its customers that the company blamed on a technical configuration error. According to security researcher Ashutosh Barot, the issue is rooted in the account registration process, leading to […]

January 18, 2021

The Indian white hat hackers Harsh Jaiswal and Rahul Maini claim to have discovered multiple flaws that allowed them to access Apple servers. The duo started focusing on Apple’s infrastructure in an attempt to emulate the success of a team […]

April 24, 2020

Mozilla announced some major changes to its bug bounty program that was first launched in 2004. The organization paid out $965,750 for roughly 350 vulnerabilities, the average payout for each issue was approximately $2,700. Now Mozilla has increased the maximum […]

January 13, 2020

Last week Facebook has addressed a security issue that exposed page admin accounts, the bug was exploited in attacks in the wild against several high-profile pages. The page admin accounts are anonymous unless the Page owner opts to make the […]

December 16, 2019

Security researchers are warning users of two WordPress plugins – made by Brainstorm Force – that they need to patch a “major” vulnerability that could allow hackers to gain administrative access to any website using the plugins. According to Brainstorm […]

September 25, 2019

Apple is readying a fix for a bug that could grant full access to third-party keyboards for its mobile devices, including iPhone and iPad. The company posted an alert on its support page about an issue with iOS 13 and […]

August 26, 2019

Another flaw has been found in Lenovo’s decommissioned Lenovo Solution Centre software, preinstalled on millions of older-model PCs made by the world’s leading computer maker. The vulnerability is a privilege escalation flaw that can be used to execute arbitrary code […]

August 15, 2019

Dozens of Lenovo’s flagship ThinkPad models are vulnerable to bugs ranging in severity from low to high. Two of the flaws are tied to industry-wide security bulletins, while a medium-severity flaw affects only Lenovo laptops but remains unpatched. The most […]

August 14, 2019

Microsoft’s Patch Tuesday bought some very bad news yesterday: more wormable RDP vulnerabilities, this time affecting Windows 10 users. CVE-2019-1181 and -1182 are critical vulnerabilities in Remote Desktop Services (formerly Windows Terminal) that are wormable – similar to the BlueKeep […]

June 11, 2019

Microsoft is warning of a fresh email campaign that distributes malicious RTF files boobytrapped with an exploit dating back to a 2017 vulnerability, CVE-2017-11882. The exploit allows attackers to automatically run malicious code without requiring user interaction. “The CVE-2017-11882 vulnerability […]

May 7, 2019

Thanks to Mozilla letting an intermediate signing certificate expire, the Tor community was thrown into disarray over the weekend when the NoScript security add-on was suddenly killed for both Firefox and the Tor browser. A fix is available for Firefox, […]