reader comments 14 Highly capable hackers are rooting multiple corporate networks by exploiting a maximum-severity zero-day vulnerability in a firewall product from Palo Alto Networks, researchers said Friday. The vulnerability, which has been under active exploitation for at least two weeks now, allows the hackers with no authentication to execute malicious code with root privileges,… Read More »
Getty Images reader comments 23 Hackers are actively exploiting a pair of recently discovered vulnerabilities to remotely commandeer network-attached storage devices manufactured by D-Link, researchers said Monday. Roughly 92,000 devices are vulnerable to the remote takeover exploits, which can be remotely transmitted by sending malicious commands through simple HTTP traffic. The vulnerability came to light… Read More »
Nadezhda Kozhedub reader comments 56 UEFI firmware from five of the leading suppliers contains vulnerabilities that allow attackers with a toehold in a user’s network to infect connected devices with malware that runs at the firmware level. The vulnerabilities, which collectively have been dubbed PixieFail by the researchers who discovered them, pose a threat mostly… Read More »
Getty Images reader comments 33 with Security researchers are tracking what they say is the “mass exploitation” of a security vulnerability that makes it possible to take full control of servers running ownCloud, a widely used open-source filesharing server app. The vulnerability, which carries the maximum severity rating of 10, makes it possible to obtain… Read More »
Getty Images reader comments 7 with A critical vulnerability that hackers have exploited since August, which allows them to bypass multifactor authentication in Citrix networking hardware, has received a patch from the manufacturer. Unfortunately, applying it isn’t enough to protect affected systems. The vulnerability, tracked as CVE-2023-4966 and carrying a severity rating of 9.8 out… Read More »
Getty Images reader comments 29 with Ransomware hackers have started exploiting one or more recently fixed vulnerabilities that pose a grave threat to enterprise networks around the world, researchers said. One of the vulnerabilities has a severity rating of 10 out of a possible 10 and another 9.9. They reside in WS_FTP Server, a file-sharing… Read More »
Getty Images reader comments 32 with Arm warned on Monday of active ongoing attacks targeting a vulnerability in device drivers for its Mali line of GPUs, which run on a host of devices, including Google Pixels and other Android handsets, Chromebooks, and hardware running Linux. “A local non-privileged user can make improper GPU memory processing… Read More »
Getty Images reader comments 21 with Thousands of servers running the Exim mail transfer agent are vulnerable to potential attacks that exploit critical vulnerabilities, allowing remote execution of malicious code with little or no user interaction. The vulnerabilities were reported on Wednesday by Zero Day Initiative, but they largely escaped notice until Friday when they… Read More »
reader comments 21 with MOVEit, the file-transfer software exploited in recent weeks in one of the biggest cyberattacks ever, has received yet another security update that fixes a critical vulnerability that could be exploited to give hackers access to vast amounts of sensitive data. On Thursday, MOVEit maker Progress Software published a security bulletin that… Read More »
Getty Images reader comments 8 with Hundreds of Internet-exposed devices inside solar farms remain unpatched against a critical and actively exploited vulnerability that makes it easy for remote attackers to disrupt operations or gain a foothold inside the facilities. The devices, sold by Osaka, Japan-based Contec under the brand name SolarView, help people inside solar… Read More »