Threats & Malware, Vulnerabilities
April 25, 2024
Via: Security AffairsGoogle addressed four vulnerabilities in the Chrome web browser, including a critical vulnerability tracked as CVE-2024-4058. The vulnerability CVE-2024-4058 is a Type Confusion issue that resides in the ANGLE graphics layer engine. An attacker can exploit this vulnerability to execute […]
Threats & Malware, Vulnerabilities
April 22, 2024
Via: TechRadarThe not-for-profit research and development organization MITRE suffered a cyberattack early this year, with the attack apparently hindering some operations, but there was no talk of stolen data. In a breach notification published on the MITRE website late last week, […]
Threats & Malware, Vulnerabilities
April 19, 2024
Via: TechRadarTraditional cybersecurity is laser-focused on incident detection and response. In other words, it’s built around a Security Operations Centre (SOC). That’s no bad thing in itself. Read between the lines, however, and that assumes we’re waiting on the threats to […]
Hacker, Threats & Malware, Vulnerabilities
April 18, 2024
Via: The Hacker NewsThreat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That’s according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the […]
Threats & Malware, Vulnerabilities
April 17, 2024
Via: The RegisterAI agents, which combine large language models with automation software, can successfully exploit real world security vulnerabilities by reading security advisories, academics have claimed. In a newly released paper, four University of Illinois Urbana-Champaign (UIUC) computer scientists – Richard Fang, […]
Threats & Malware, Vulnerabilities
April 12, 2024
Via: Security WeekTracked as CVE-2024-3400 and assigned a severity score of 10 out of 10, the security defect was identified in the GlobalProtect feature of PAN-OS, the operating system running on Palo Alto Networks appliances. “A command injection vulnerability in the GlobalProtect […]
Threats & Malware, Vulnerabilities
April 11, 2024
Via: Security AffairsMicrosoft Patches Tuesday security updates for April 2024 addressed 147 vulnerabilities in multiple products. This is the highest number of fixed issues from Microsoft this year and the largest since at least 2017. The issues impact Microsoft Windows and Windows […]
Threats & Malware, Vulnerabilities
April 9, 2024
Via: TechRadarBack in January, we reported on a small security update patch for Windows 10 that brought on a lot of headaches for IT admins and brought on a veritable cavalcade of error codes. Microsoft promised a fix was in the […]
Threats & Malware, Vulnerabilities
April 9, 2024
Via: Security AffairsBitdefender researchers discovered multiple vulnerabilities in LG webOS running on smart TVs that could be exploited to bypass authorization and gain root access on the devices. The vulnerabilities discovered by the researchers impact WebOS versions 4 through 7 running on […]
Threats & Malware, Vulnerabilities
April 8, 2024
Via: TechRadarMultiple generative AI models uploaded to Hugging Face were found to be vulnerable in a way that allowed threat actors to run malicious code and extract sensitive user information. This is according to a new report from the cloud security […]
Mobile, Mobile security, Threats & Malware, Vulnerabilities
April 3, 2024
Via: Security WeekThe exploited flaws, tracked as CVE-2024-29745 and CVE-2024-29748, impact Pixel’s bootloader and firmware, Google notes in its advisory. The internet giant says it has indications that these two security defects “may be under limited, targeted exploitation,” without providing specific details […]
Cyber-crime, Malware, Threats & Malware, Vulnerabilities
March 20, 2024
Via: Security AffairsTrend Micro researchers are exploiting the recently disclosed vulnerabilities CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score 7.3) security flaws in JetBrains TeamCity to deploy multiple malware families and gain administrative control over impacted systems. In early March, Rapid7 researchers […]
Threats & Malware, Vulnerabilities
March 18, 2024
Via: Security WeekThe research focused on WebGPU, an API that enables web developers to use the underlying system’s GPU to carry out high-performance computations in a web browser. By leveraging this API, they have demonstrated an attack that works entirely from the […]
Threats & Malware, Vulnerabilities
March 14, 2024
Via: The Hacker NewsFortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems. “An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS […]
Threats & Malware, Vulnerabilities
March 8, 2024
Via: The Hacker NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting JetBrains TeamCity On-Premises software to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2024-27198 (CVSS score: […]
Threats & Malware, Vulnerabilities
March 1, 2024
Via: The RegisterThe quantum threat might seem futuristic, more like something you’d encounter in a science fiction film. But it’s arguably already a danger to real cyber security defences. Strengthening those defences relies heavily on knowledge and preparation. Arqit can help you […]
Threats & Malware, Vulnerabilities
February 22, 2024
Via: Security AffairsThe maintainers of the Joomla! Project released Joomla 5.0.3 and 4.4.3 versions that addressed the following vulnerabilities in the popular content management system (CMS): [20240201] –CVE-2024-21722 Core – Insufficient session expiration in MFA management views: The MFA management features did […]
Threats & Malware, Vulnerabilities
February 15, 2024
Via: The RegisterVideo conferencing giant Zoom today opened up about a fresh batch of security vulnerabilities affecting its products, including a critical privilege escalation flaw. Tracked as CVE-2024-24691 with a CVSS score of 9.6, Zoom says the vulnerability may enable privilege escalation […]
Threats & Malware, Vulnerabilities
February 9, 2024
Via: The RegisterWe’ve had to write the word “Fortinet” so often lately that we’re considering making a macro just to make our lives a little easier after what the company’s reps will surely agree has been a week sent from hell. It […]
Threats & Malware, Vulnerabilities
February 8, 2024
Via: The RegisterResearchers suspect the criminals behind the Raspberry Robin malware are now buying exploits for speedier cyberattacks. An exploit developer is thought by infosec pros to be either on the Raspberry Robin payroll or a close contact that sells them to […]