Tag Archives: vulnerabilities

Messenger billed as better than Signal is riddled with vulnerabilities

Academic researchers have discovered serious vulnerabilities in the core of Threema, an instant messenger that its Switzerland-based developer says provides a level of security and privacy “no other chat service” can offer. Despite the unusually strong claims and two independent security audits Threema…

Hive Social turns off servers after researchers warn hackers can access all data

Hive Social, a social media platform that has seen meteoric growth since Elon Musk took over Twitter, abruptly shut down its service on Wednesday after a security advisory warned the site was riddled with vulnerabilities that exposed all data stored in user accounts.…

How secure a Twitter replacement is Mastodon? Let us count the ways

As Elon Musk critics flee from Twitter, Mastodon seems to be the most common replacement. In the last month, the number of monthly active users on Mastodon has rocketed more than threefold, from about 1 million to 3.5 million, while total number of…

Patches for 6 zero-days under active exploit are now available from Microsoft

It’s the second Tuesday of the month, and that means it’s Update Tuesday, the monthly release of security patches available for nearly all software Microsoft supports. This time around, the software maker has fixed six zero-days under active exploit in the wild, along with a…

VMware patches vulnerability with 9.8/10 severity rating in Cloud Foundation

Exploit code was released this week for a just-patched vulnerability in VMware Cloud Foundation and NSX Manager appliances that allows hackers with no authentication to execute malicious code with the highest system privileges. VMware patched the vulnerability, tracked as CVE-2021-39144, on Tuesday and…

VMware bug with 9.8 severity rating exploited to install witch’s brew of malware

Hackers have been exploiting a now-patched vulnerability in VMware Workspace ONE Access in campaigns to install various ransomware and cryptocurrency miners, a researcher at security firm Fortinet said on Thursday. CVE-2022-22954 is a remote code execution vulnerability in VMware Workspace ONE Access that carries a…

Hardcoded password in Confluence app has been leaked on Twitter

What’s worse than a widely used Internet-connected enterprise app with a hardcoded password? Try said enterprise app after the hardcoded password has been leaked to the world. Atlassian on Wednesday revealed three critical product vulnerabilities, including CVE-2022-26138 stemming from a hardcoded password in Questions for Confluence, an app that allows users…

Critical flaws in GPS tracker enable “disastrous” and “life-threatening” hacks

A security firm and the US government are advising the public to immediately stop using a popular GPS tracking device or to at least minimize exposure to it, citing a host of vulnerabilities that make it possible for hackers to remotely disable cars while they’re moving, track location histories, disarm alarms, and cut off…

Vulnerabilities allowing permanent infections affect 70 Lenovo laptop models

For owners of more than 70 Lenovo laptop models, it’s time once again to patch the UEFI firmware against critical vulnerabilities that attackers can exploit to install malware that’s nearly impossible to detect or remove. The laptop maker on Tuesday released updates for three vulnerabilities that researchers found in the UEFI firmware…

Botched and silent patches from Microsoft put customers at risk, critics say

Blame is mounting on Microsoft for what critics say is a lack of transparency and adequate speed when responding to reports of vulnerabilities threatening its customers, security professionals said. Microsoft’s latest failing came to light on Tuesday in a post that showed Microsoft taking five months and three…