Tag: vulnerabilities

December 6, 2023

A years-old Bluetooth authentication bypass vulnerability allows miscreants to connect to Apple, Android and Linux devices and inject keystrokes to run arbitrary commands, according to a software engineer at drone technology firm SkySafe. The bug, tracked as CVE-2023-45866, doesn’t require […]

November 28, 2023

In the ever-evolving landscape of computer security, many innovations flood the market, each boasting its efficacy. As a regular attendee of security conferences and contributor to security books, it’s evident to me that the field remains a hot topic. However, […]

November 22, 2023

Microsoft’s bug bounty program celebrated its tenth birthday this year, and has paid out $63 million to security researchers in that first decade – with $60 million awarded to bug hunters in the past five years alone, according to Redmond. […]

November 20, 2023

It’s that time of year again – NordPass has released its annual list of the most common passwords. And while it seems some of you took last year’s chiding to heart, most of you arguably swapped bad for worse. Password […]

November 20, 2023

Quick show of hands: whose data hasn’t been stolen in the mass exploitation of Progress Software’s vulnerable MOVEit file transfer application? Anyone? According to security shop Emsisoft, 2,620 organizations and more than 77 million individuals have been impacted to date, […]

November 15, 2023

Heads up: Microsoft’s November Patch Tuesday includes fixes for about 60 vulnerabilities – including three that have already been found and abused in the wild. First of that trio is CVE-2023-36033: a Windows Desktop Manager (WDM) Core Library elevation-of-privilege vulnerability. […]

November 13, 2023

After spending almost a year cleaning up after various security snafus, the UK’s Royal Mail had an open redirect flaw on one of its sites, according to infosec types. We’re told this vulnerability potentially exposes customers to malware infections and […]

November 6, 2023

Cybersecurity researchers from Zscaler have discovered more than a hundred vulnerabilities in Microsoft 365 that were introduced with the addition of SketchUp into the cloud productivity suite. To make matters worse, they claim to have managed to bypass the patches […]

October 23, 2023

After a six-day wait, Cisco started rolling out a patch for a critical bug that miscreants had exploited to install implants in thousands of devices. Alas, it seems to have been largely useless. The flaw in the networking giant’s IOS […]

October 13, 2023

Sucuri researchers reported that more than 17,000 WordPress websites have been compromised in September with the Balada Injector. The researchers noticed that the number of Balada Injector infections has doubled compared with August. The Balada injector is a malware family […]

October 11, 2023

After a week of rampant speculation about the nature of the security issues in curl, the latest version of the command line transfer tool was finally released today. Described by curl project founder and lead developer Daniel Stenberg as “probably […]

October 11, 2023

Siemens and Schneider Electric’s Patch Tuesday advisories for October 2023 address more than 40 vulnerabilities affecting their products. Siemens Siemens has published a dozen new advisories addressing 41 vulnerabilities. One advisory describes seven vulnerabilities affecting Siemens’ Ruggedcom APE1808 industrial application […]

October 10, 2023

Details about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source software for data transfer via URLs, are to be released on Wednesday, October 11. Daniel Stenberg, the original author and lead developer, has said that the […]

October 4, 2023

A trio of now-patched security issues in TorchServe, an open-source tool for scaling PyTorch machine-learning models in production, could lead to server takeover and remote code execution (RCE), according to security researchers. The three CVEs, collectively dubbed “ShellTorch,” rendered “tens […]

October 4, 2023

Three out of 17 flaws are rated Critical, 13 are rated High, and one is rated Medium in severity. The company is also warning that three other zero-day vulnerabilities are actively exploited in attacks in the wild. Google Threat Analysis […]

October 2, 2023

Security researchers have spotted what they believe to be a “possible mass exploitation” of vulnerabilities in Progress Software’s WS_FTP Server. Researchers at Rapid7 began noticing evidence of exploitation on 30 September across multiple instances of WS_FTP. Progress released fixes for […]

October 2, 2023

A major flaw in Exim’s mail transfer agent (MTA) software has been detected that has gone without a patch for more than a year. Researchers from Trend Micro’s Zero Day Initiative were tipped off by an anonymous researcher in June […]

September 22, 2023

Apple emitted patches this week to close security holes that have been exploited in the wild by commercial spyware. The updates, which were issued yesterday and should be installed as soon as possible if not already, address as many as […]

September 19, 2023

VulnCheck researchers discovered approximately 12,000 internet-exposed Juniper SRX firewalls and EX switches that are vulnerable to the recently disclosed remote code execution flaw CVE-2023-36845. In mid-August, Juniper addressed four medium-severity (CVSS 5.3) vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) impacting EX switches […]

September 18, 2023

Of all the vulnerabilities an organization’s system has, the majority sit within its cloud environment, a new report from cybersecurity researchers Unit 42, part of Palo Alto Networks, has found. As per the report, four in five (80%) of all […]