Tag Archives: vulnerabilities

Feds list the top 30 most exploited vulnerabilities. Many are years old

Government officials in the US, UK, and Australia are urging public- and private-sector organizations to secure their networks by ensuring firewalls, VPNs, and other network-perimeter devices are patched against the most widespread exploits. In a joint advisory published Wednesday, the US FBI and CISA (Cybersecurity…

Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling

The world woke up on Tuesday to two new vulnerabilities—one in Windows and the other in Linux—that allow hackers with a toehold in a vulnerable system to bypass OS security restrictions and access sensitive resources. As operating systems and applications become harder to hack, successful…

iOS zero-day let SolarWinds hackers compromise fully updated iPhones

The Russian state hackers who orchestrated the SolarWinds supply chain attack last year exploited an iOS zero-day as part of a separate malicious email campaign aimed at stealing Web authentication credentials from Western European governments, according to Google and Microsoft. In a post Google published…

Microsoft discovers critical SolarWinds zero-day under active attack

SolarWinds, the company at the center of a supply chain attack that compromised nine US agencies and 100 private companies, is scrambling to contain a new security threat: a critical zero-day vulnerability in its Serv-U product line. Microsoft discovered the exploits and privately reported them…

Microsoft’s emergency patch fails to fix critical “PrintNightmare” vulnerability

An emergency patch Microsoft issued on Tuesday fails to fully fix a critical security vulnerability in all supported versions of Windows that allows attackers to take control of infected systems and run code of their choice, researchers said. The threat, colloquially known as PrintNightmare, stems…

Hackers exploited 0-day, not 2018 bug, to mass-wipe My Book Live devices

Last week’s mass-wiping of Western Digital My Book Live storage devices involved the exploitation of not just one vulnerability but a second critical security bug that allowed hackers to remotely perform a factory reset without a password, an investigation shows. The vulnerability is remarkable…

Covert channel in Apple’s M1 is mostly harmless, but it sure is interesting

Apple’s new M1 CPU has a flaw that creates a covert channel that two or more malicious apps—already installed—can use to transmit information to each other, a developer has found. The surreptitious communication can occur without using computer memory, sockets, files, or…

No, it doesn’t just crash Safari. Apple has yet to fix exploitable flaw

Apple has yet to patch a security bug found in iPhones and Macs despite the availability of a fix released almost three weeks ago, a researcher said. The vulnerability resides in WebKit, the browser engine that powers Safari and all browsers that…

Vulnerability in VMware product has severity rating of 9.8 out of 10

Data centers around the world have a new concern to contend with—a remote code vulnerability in a widely used VMware product. The security flaw, which VMware disclosed and patched on Tuesday, resides in the vCenter Server, a tool used for managing virtualization in large data…

4 vulnerabilities under attack give hackers full control of Android devices

Unknown hackers have been exploiting four Android vulnerabilities that allow the execution of malicious code that can take complete control of devices, Google warned on Wednesday. All four of the vulnerabilities were disclosed two weeks ago in Google’s Android Security Bulletin for May. Google has…