Tag Archives: exploits

Valve waited 15 months to patch high-severity flaw. A hacker pounced

Researchers have unearthed four game modes that could successfully exploit a critical vulnerability that remained unpatched in the popular Dota 2 video game for 15 months after a fix had become available. The vulnerability, tracked as CVE-2021-38003, resided in the open source JavaScript engine from…

Vulnerability with 9.8 severity in Control Web Panel is under active exploit

Malicious hackers have begun exploiting a critical vulnerability in unpatched versions of the Control Web Panel, a widely used interface for web hosting. “This is an unauthenticated RCE,” members of the Shadowserver group wrote on Twitter, using the abbreviation for remote code exploit.…

Hundreds of SugarCRM servers infected with critical in-the-wild exploit

For the past two weeks, hackers have been exploiting a critical vulnerability in the SugarCRM (customer relationship management) system to infect users with malware that gives them full control of their servers. The vulnerability began as a zero-day when the exploit code was posted online…

Patches for 6 zero-days under active exploit are now available from Microsoft

It’s the second Tuesday of the month, and that means it’s Update Tuesday, the monthly release of security patches available for nearly all software Microsoft supports. This time around, the software maker has fixed six zero-days under active exploit in the wild, along with a…

Twitter pranksters derail GPT-3 bot with newly discovered “prompt injection” hack

On Thursday, a few Twitter users discovered how to hijack an automated tweet bot, dedicated to remote jobs, running on the GPT-3 language model by OpenAI. Using a newly discovered technique called a “prompt injection…

0-days sold by Austrian firm used to hack Windows users, Microsoft says

Microsoft said on Wednesday that an Austria-based company named DSIRF used multiple Windows and Adobe Reader zero-days to hack organizations located in Europe and Central America. Multiple news outlets have published articles like this one, which cited marketing materials and other evidence linking DSIRF to Subzero, a malicious toolset for “automated…

Botched and silent patches from Microsoft put customers at risk, critics say

Blame is mounting on Microsoft for what critics say is a lack of transparency and adequate speed when responding to reports of vulnerabilities threatening its customers, security professionals said. Microsoft’s latest failing came to light on Tuesday in a post that showed Microsoft taking five months and three…

Meeting Owl videoconference device used by govs is a security disaster

The Meeting Owl Pro is a videoconference device with an array of cameras and microphones that captures 360-degree video and audio and automatically focuses on whoever is speaking to make meetings more dynamic and inclusive. The consoles, which are slightly taller than an Amazon Alexa…

Omnipotent BMCs from Quanta remain vulnerable to critical Pantsdown threat

In January 2019, a researcher disclosed a devastating vulnerability in one of the most powerful and sensitive devices embedded into modern servers and workstations. With a severity rating of 9.8 out of 10, the vulnerability affected a wide range of baseboard management controllers…

Critical Zoom vulnerabilities fixed last week required no user interaction

Google’s Project Zero vulnerability research team detailed critical vulnerabilities Zoom patched last week that made it possible for hackers to execute zero-click attacks that remotely ran malicious code on devices running the messaging software. Tracked as CVE-2022-22786 and CVE-2022-22784, the vulnerabilities made it possible…