reader comments 8 with 0 posters participating Share this story For the past two weeks, hackers have been exploiting a critical vulnerability in the SugarCRM (customer relationship management) system to infect users with malware that gives them full control of their servers. The vulnerability began as a zero-day when the exploit code was posted online… Read More »
reader comments 3 with 3 posters participating Share this story It’s the second Tuesday of the month, and that means it’s Update Tuesday, the monthly release of security patches available for nearly all software Microsoft supports. This time around, the software maker has fixed six zero-days under active exploit in the wild, along with a… Read More »
Enlarge / A tin toy robot lying on its side. reader comments 35 with 31 posters participating Share this story On Thursday, a few Twitter users discovered how to hijack an automated tweet bot, dedicated to remote jobs, running on the GPT-3 language model by OpenAI. Using a newly discovered technique called a “prompt injection… Read More »
Enlarge (credit: Getty Images) Microsoft said on Wednesday that an Austria-based company named DSIRF used multiple Windows and Adobe Reader zero-days to hack organizations located in Europe and Central America. Multiple news outlets have published articles like this one, which cited marketing materials and other evidence linking DSIRF to Subzero, a malicious toolset for “automated… Read More »
Enlarge (credit: Drew Angerer | Getty Images) Blame is mounting on Microsoft for what critics say is a lack of transparency and adequate speed when responding to reports of vulnerabilities threatening its customers, security professionals said. Microsoft’s latest failing came to light on Tuesday in a post that showed Microsoft taking five months and three… Read More »
reader comments 65 with 53 posters participating Share this story The Meeting Owl Pro is a videoconference device with an array of cameras and microphones that captures 360-degree video and audio and automatically focuses on whoever is speaking to make meetings more dynamic and inclusive. The consoles, which are slightly taller than an Amazon Alexa… Read More »
Getty Images reader comments 33 with 32 posters participating Share this story In January 2019, a researcher disclosed a devastating vulnerability in one of the most powerful and sensitive devices embedded into modern servers and workstations. With a severity rating of 9.8 out of 10, the vulnerability affected a wide range of baseboard management controllers… Read More »
reader comments 2 with 2 posters participating Share this story Google’s Project Zero vulnerability research team detailed critical vulnerabilities Zoom patched last week making that made it possible for hackers to execute zero-click attacks that remotely ran malicious code on devices running the messaging software. Tracked as CVE-2022-22786 and CVE-2022-22784, the vulnerabilities made it possible… Read More »
Getty Images reader comments 4 with 4 posters participating Share this story Malicious hackers, some believed to be state-backed, are actively exploiting two unrelated vulnerabilities—both with severity ratings of 9.8 out of a possible 10—in hopes of infecting sensitive enterprise networks with backdoors, botnet software, and other forms of malware. The ongoing attacks target unpatched… Read More »
Getty Images reader comments 5 with 4 posters participating Share this story Malicious hackers have been hammering servers with attacks that exploit the recently discovered SpringShell vulnerability in an attempt to install cryptomining malware, researchers said. SpringShell came to light late last month when a researcher demonstrated how it could be used to remotely execute… Read More »