Top
item
Advertisement

Tag: vulnerabilities


Threats & Malware, Vulnerabilities

OpenAI’s GPT-4 can exploit real vulnerabilities by reading security advisories

April 17, 2024

Via: The Register

AI agents, which combine large language models with automation software, can successfully exploit real world security vulnerabilities by reading security advisories, academics have claimed. In a newly released paper, four University of Illinois Urbana-Champaign (UIUC) computer scientists – Richard Fang, […]


Cyber-crime, Malware

Unpatched Vulnerabilities: The Most Brutal Ransomware Attack Vector

April 3, 2024

Via: Naked Security

To deploy a ransomware attack, adversaries must first gain access to a victim’s corporate environment, devices, and data. Threat actors typically use two main approaches to gain entry: logging in using compromised credentials, i.e., legitimate access data that had previously […]


Mobile, Mobile security, Threats & Malware, Vulnerabilities

Google Patches Exploited Pixel Vulnerabilities

April 3, 2024

Via: Security Week

The exploited flaws, tracked as CVE-2024-29745 and CVE-2024-29748, impact Pixel’s bootloader and firmware, Google notes in its advisory. The internet giant says it has indications that these two security defects “may be under limited, targeted exploitation,” without providing specific details […]


Threats & Malware, Vulnerabilities

Multiple XSS flaws in Joomla can lead to remote code execution

February 22, 2024

Via: Security Affairs

The maintainers of the Joomla! Project released Joomla 5.0.3 and 4.4.3 versions that addressed the following vulnerabilities in the popular content management system (CMS): [20240201] –CVE-2024-21722 Core – Insufficient session expiration in MFA management views: The MFA management features did […]


Threats & Malware, Vulnerabilities

Fortinet’s week to forget: Critical vulns, disclosure screw-ups, and that toothbrush DDoS attack claim

February 9, 2024

Via: The Register

We’ve had to write the word “Fortinet” so often lately that we’re considering making a macro just to make our lives a little easier after what the company’s reps will surely agree has been a week sent from hell. It […]


Threats & Malware, Vulnerabilities

Raspberry Robin devs are buying exploits for faster attacks

February 8, 2024

Via: The Register

Researchers suspect the criminals behind the Raspberry Robin malware are now buying exploits for speedier cyberattacks. An exploit developer is thought by infosec pros to be either on the Raspberry Robin payroll or a close contact that sells them to […]


Application security, Security

Rust can help make software secure – but it’s no cure-all

February 8, 2024

Via: The Register

Memory-safety flaws represent the majority of high-severity problems for Google and Microsoft, but they’re not necessarily associated with the majority of vulnerabilities that actually get exploited. So while coding with Rust can help reduce memory safety vulnerabilities, it won’t fix […]


Threats & Malware, Vulnerabilities

Double trouble for Fortinet customers as pair of critical vulns found in FortiSIEM

February 6, 2024

Via: The Register

Fortinet’s FortiSIEM product is vulnerable to two new maximum-severity security vulnerabilities that allow for remote code execution. Both CVE-2024-23108 and CVE-2024-23109 have been assigned provisional scores of 10 on the CVSS scale, suggesting exploits can be carried out remotely by […]


Threats & Malware, Vulnerabilities

CISA adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog

January 31, 2024

Via: Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability can allow an attacker with arbitrary read and write capability to bypass Pointer Authentication. […]


Threats & Malware, Vulnerabilities

Reg story prompts fresh security bulletin, review of Juniper Networks’ CVE process

January 30, 2024

Via: The Register

Juniper Networks has disclosed separate vulnerabilities it was previously accused of concealing, and apologized to customers for the error in communication. The update, which happened late last week, comes hot on the heels of reporting from El Reg that highlighted […]


Threats & Malware, Vulnerabilities

Multiple vulnerabilities discovered in widely used security driver

January 25, 2024

Via: Naked Security

In July 2023, our proactive behavior rules triggered on an attempt to load a driver named pskmad_64.sys (Panda Memory Access Driver) on a protected machine. The driver is owned by Panda Security and used in many of their products. Due […]


Hacker, Threats & Malware

BreachForums admin ‘Pompourin’ sentenced to 20 years of supervised release

January 22, 2024

Via: The Register

Conor Brian Fitzpatrick – aka “Pompourin,” a former administrator of notorious leak site BreachForums – has been sentenced to 20 years of supervised release. Fitzpatrick was arrested and charged in March 2023. Authorities accused him of running the site, which […]


Cyber-crime, Malware

Ransomware attacks hospitalizing security pros, as one admits suicidal feelings

January 18, 2024

Via: The Register

Ransomware attacks are being linked to a litany of psychological and physical illnesses reported by infosec professionals, and in some cases blamed for hospitalizations. A cybersecurity worker in the financial services industry, for example, pinned the stress of remediating ransomware […]


Threats & Malware, Vulnerabilities

Patch now: Critical VMware, Atlassian flaws found

January 16, 2024

Via: The Register

VMware and Atlassian today disclosed critical vulnerabilities and, while neither appear to have been exploited by miscreants yet, admins should patch now to avoid disappointment. First off, a pair of issues from Atlassian. Most serious is CVE-2023-22527, a template injection […]


Application security, Security

Facebook, Instagram now mine web links you visit to fuel targeted ads

January 8, 2024

Via: The Register

We gather everyone’s still easing themselves into the New Year. Deleting screens of unread emails, putting on a brave face in meetings, and slowly getting up to speed. While you’re recovering from the Christmas break, Meta has been busy introducing […]


Cloud security, Security

Google Cloud says it has fixed a significant security flaw

December 29, 2023

Via: TechRadar

Google Cloud has patched a vulnerability that may have allowed malicious actors with access to a Kubernetes cluster to elevate their privileges and wreak havoc. “An attacker who has compromised the Fluent Bit logging container could combine that access with […]


Threats & Malware, Vulnerabilities

Before you go away for Xmas: You’ve patched that critical Perforce Server hole, right?

December 19, 2023

Via: The Register

Four vulnerabilities in Perforce Helix Core Server, including one critical remote code execution bug, should be patched “immediately,” according to Microsoft, which spotted the flaws and disclosed them to the software vendor. Perforce Server is a source code management platform […]


Threats & Malware, Vulnerabilities

Report: Attackers Move Lightning Fast to Capitalize on  Vulnerabilities

December 19, 2023

Via: SecureWorld

This morning, the Qualys Threat Research Unit released its 2023 Threat Landscape Year in Review report. In 2023, the Qualys Threat Research Unit (TRU) witnessed a critical trend in exploiting high-risk vulnerabilities. Its analysis reveals a startling insight into how […]


Threats & Malware, Vulnerabilities

Multiple flaws in pfSense firewall can lead to arbitrary code execution

December 15, 2023

Via: Security Affairs

pfSense is a popular open-source firewall solution maintained by Netgate, researchers discovered multiple security issues affecting it. Researchers from SonarCloud discovered several security issues, Cross-Site Scripting (XSS) vulnerabilities and a Command Injection vulnerability in pfSense CE (CVE-2023-42325, CVE-2023-42327, CVE-2023-42326). The […]


Network security, Security

GAO Report: Cyber Incident Response at U.S. Federal Agencies Lacking

December 12, 2023

Via: SecureWorld

More than a few federal agencies have some work to do when it comes to incident response, according to a December 4, 2023, report from the U.S. Government Accountability Office (GAO), titled “Cybersecurity: Federal Agencies Made Progress, but Need to […]