reader comments 65 with 53 posters participating Share this story The Meeting Owl Pro is a videoconference device with an array of cameras and microphones that captures 360-degree video and audio and automatically focuses on whoever is speaking to make meetings more dynamic and inclusive. The consoles, which are slightly taller than an Amazon Alexa… Read More: Meeting Owl videoconference device used by govs is a security… »
Getty Images reader comments 33 with 32 posters participating Share this story In January 2019, a researcher disclosed a devastating vulnerability in one of the most powerful and sensitive devices embedded into modern servers and workstations. With a severity rating of 9.8 out of 10, the vulnerability affected a wide range of baseboard management controllers… Read More: Omnipotent BMCs from Quanta remain vulnerable to critical Pantsdown threat »
reader comments 2 with 2 posters participating Share this story Google’s Project Zero vulnerability research team detailed critical vulnerabilities Zoom patched last week making that made it possible for hackers to execute zero-click attacks that remotely ran malicious code on devices running the messaging software. Tracked as CVE-2022-22786 and CVE-2022-22784, the vulnerabilities made it possible… Read More: Critical Zoom vulnerabilities fixed last week required no user interaction »
Getty Images reader comments 4 with 4 posters participating Share this story Malicious hackers, some believed to be state-backed, are actively exploiting two unrelated vulnerabilities—both with severity ratings of 9.8 out of a possible 10—in hopes of infecting sensitive enterprise networks with backdoors, botnet software, and other forms of malware. The ongoing attacks target unpatched… Read More: 2 vulnerabilities with 9.8 severity ratings are under exploit. A… »
reader comments 7 with 6 posters participating, including story author Share this story Hardware manufacturer Zyxel quietly released an update fixing a critical vulnerability that gives hackers the ability to control tens of thousands of firewall devices remotely. The vulnerability, which allows remote command injection with no authentication required, carries a severity rating of 9.8… Read More: Zyxel silently patches command injection vulnerability with 9.8 severity rating »
Getty Images reader comments 51 with 39 posters participating Share this story Vulnerabilities recently discovered by Microsoft make it easy for people with a toehold on many Linux desktop systems to quickly gain root system rights— the latest elevation of privileges flaw to come to light in the open source OS. As operating systems have… Read More: Microsoft finds Linux desktop flaw that gives root to untrusted… »
Getty Images reader comments 3 with 3 posters participating Share this story Researchers on Friday said that hackers are exploiting the recently discovered SpringShell vulnerability to successfully infect vulnerable Internet of Things devices with Mirai, an open-source piece of malware that wrangles routers and other network-connected devices into sprawling botnets. When SpringShell (also known as… Read More: Trend says hackers have weaponized SpringShell to install Mirai malware »
reader comments 5 with 5 posters participating Share this story Hardware manufacturer Zyxel has issued patches for a highly critical security flaw that gives malicious hackers the ability to take control of a wide range of firewalls and VPN products the company sells to businesses. The flaw is an authentication bypass vulnerability that stems from… Read More: Zyxel patches critical vulnerability that can allow Firewall and VPN… »
Getty Images reader comments 8 with 8 posters participating Share this story Hype and hyperbole were on full display this week as the security world reacted to reports of yet another Log4Shell. The vulnerability came to light in December and is arguably one of the gravest Internet threats in years. Christened Spring4Shell—the new code-execution bug… Read More: Explaining Spring4Shell: The Internet security disaster that wasn’t »
reader comments 24 with 21 posters participating Share this story A researcher has successfully used the critical Dirty Pipe vulnerability in Linux to fully root two models of Android phones—a Pixel 6 Pro and Samsung S22—in a hack that demonstrates the power of exploiting the newly discovered OS flaw. The researcher chose those two handset… Read More: Researcher uses Dirty Pipe exploit to fully root a Pixel… »