Tag Archives: vulnerability

Zyxel users still getting hacked by DDoS botnet emerge as public nuisance No. 1

Organizations that have yet to patch a 9.8-severity vulnerability in network devices made by Zyxel have emerged as public nuisance No. 1 as a sizable number of them continue to be exploited and wrangled into botnets that wage DDoS attacks. Zyxel patched the flaw on April 25. Five weeks later, Shadowserver,…

Exploited 0-days, an incomplete fix, and a botched disclosure: Infosec snafu reigns

Organizations big and small are once again scrambling to patch critical vulnerabilities that are already under active exploitation and cause the kind of breaches coveted by ransomware actors and nation-state spies. The exploited vulnerabilities—one in Adobe ColdFusion and the other in various Citrix NetScaler products—allow for the remote execution…

Critical Windows code-execution vulnerability went undetected until now

Researchers recently discovered a Windows code-execution vulnerability that has the potential to rival EternalBlue, the name of a different Windows security flaw used to detonate WannaCry, the ransomware that shut down computer networks across the world in 2017. Like EternalBlue, CVE-2022-37958, as the latest vulnerability…

OpenSSL 3 patch, once Heartbleed-level “critical,” arrives as a lesser “high”

The fallout of an OpenSSL vulnerability, initially listed as “critical,” should be much less severe than that of the last critical OpenSSL bug, Heartbleed. An OpenSSL vulnerability once signaled as the first critical-level patch since the Internet-reshaping Heartbleed bug has just been patched.…

Microsoft finds TikTok vulnerability that allowed one-click account compromises

Microsoft said on Wednesday that it recently identified a vulnerability in TikTok’s Android app that could allow attackers to hijack accounts when users did nothing more than click on a single errant link. The software maker said it notified TikTok of the vulnerability…

Zoom patches critical vulnerability again after prior fix was bypassed

A critical vulnerability in Zoom for MacOS, patched once last weekend, could still be bypassed as of Wednesday. Users should update again. It’s time for Zoom users on Mac to update—again. After Zoom patched a vulnerability in its Mac auto-update utility that…

Zero-day used to infect Chrome users could pose threat to Edge and Safari users, too

A secretive seller of cyberattack software recently exploited a previously unknown Chrome vulnerability and two other zero-days in campaigns that covertly infected journalists and other targets with sophisticated spyware, security researchers said. CVE-2022-2294, as the vulnerability is tracked, stems from memory corruption flaws in Web Real-Time Communications, an open source project…

Dark Souls servers taken down following discovery of critical vulnerability

Bandai Namco, publisher of the Dark Souls role-playing game series, has taken down its player-versus-player servers while it investigates reports of a serious vulnerability that allows players to execute malicious code on the PCs of fellow players. Word of the critical remote-code-execution flaw emerged…

Zeroday in ubiquitous Log4j tool poses a grave threat to the Internet

Exploit code has been released for a serious code-execution vulnerability in Log4j, an open-source logging utility that’s used in countless apps, including those used by large enterprise organizations, several websites reported on last Thursday. Word of the vulnerability first came to light on…

Apple forgot to sanitize the Phone Number field for lost AirTags

Apple’s AirTags—as seen clipped to a backpack, above—allow users to attempt to find their own device via location rebroadcast from other Apple users. If all else fails, the user can enable a “Lost mode” intended to display their phone number when a finder scans the missing AirTag.