#security-vulnerabilities

#cybersecurity
from The Hacker News
1 day ago
Privacy professionals

Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide

Information security
from Theregister
3 months ago

CISA warns of new malware targeting Ivanti flaw

Ivanti products face a new malware threat called Resurge, exploiting a critical vulnerability. Immediate action is required to protect systems.
from The Verge
4 days ago

DJI couldn't confirm or deny it disguised this drone to evade a US ban

DJI's drones are largely absent from the U.S. market, leading to alternatives like the SkyRover X1, closely resembling DJI products.
from sfist.com
6 days ago

Sam Altman Warns of Coming AI-Created 'Fraud Crisis'

I am very nervous that we have an impending, significant, impending fraud crisis. A thing that terrifies me is apparently there are still some financial institutions that will accept a voice print as authentication for you to move a lot of money.
Privacy professionals
#bitchat
from TechCrunch
2 weeks ago
Privacy technologies

Jack Dorsey says his 'secure' new Bitchat app has not been tested for security | TechCrunch

Information security
from Theregister
1 month ago

Veeam fixes another critical RCE bug in Backup & Replication

Users of Veeam Backup & Replication should urgently apply the latest patches to fix a critical remote code execution vulnerability.
Privacy technologies
from Theregister
1 month ago

Sitecore fixes pre-auth RCE exploits in enterprise CMS

A pre-authentication exploit chain in Sitecore CMS could lead to full system takeover, affecting major companies.
Researchers found hardcoded passwords and other vulnerabilities in Sitecore CMS, posing serious security risks.
from The Hacker News
1 month ago

HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass

These vulnerabilities could be remotely exploited to allow remote code execution, disclosure of information, server-side request forgery, authentication bypass, arbitrary file deletion, and directory traversal information disclosure vulnerabilities.
Information security
from The Hacker News
1 month ago

New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

Vulnerabilities in apport and systemd-coredump can let local attackers access sensitive information through race conditions.
from The Cyber Express
2 months ago

Multer Vulnerabilities Expose Node.js Apps To DoS Attacks

Two critical vulnerabilities in Multer could crash Node.js applications through malformed uploads, emphasizing the need for immediate updates.
Tech industry
from Theregister
2 months ago

Intel data-leaking Spectre defenses scared off once again

ETH Zurich researchers developed a method to bypass Intel's protections against Spectre vulnerabilities, highlighting ongoing security concerns.
from InfoQ
2 months ago

Meta Launches AutoPatchBench to Evaluate LLM Agents on Security Fixes

AutoPatchBench is a benchmark designed to evaluate how effectively LLM agents patch security vulnerabilities in native code, providing a consistent assessment framework.
Artificial intelligence
from InfoQ
3 months ago

Spring News Roundup: RCs of Spring Boot, Data, Security, Auth, Session, Integration, Web Services

Recent updates in the Spring ecosystem include significant release candidates for Spring Boot and Spring Data, enhancing features and addressing vulnerabilities.
from Theregister
3 months ago

The splintering of a standard bug tracking system has begun

"Dependence on the largesse of a single, and now volatile, government—that's a serious flaw. The CVE funding fiasco is a wake-up call for the industry."
Privacy professionals
Apple
from ZDNET
3 months ago

Update your iPhone now to patch a CarPlay glitch and two serious security flaws

iOS 18.4.1 fixes CarPlay issues and crucial security vulnerabilities in iPhones.
from Business Matters
3 months ago

Ensuring Compliance with Industry Standards Through Code Review Services

Code reviews are essential for maintaining compliance and ensuring high-quality software in regulated industries.
from Developer Tech News
3 months ago

Security flaws hit PyTorch Lightning deep learning framework

The deserialisation vulnerabilities, identified under the reference VU#252619, impact all versions of the PyTorch Lightning framework up to 2.4.0, allowing for potential arbitrary code execution.
London startup
from TechRepublic
3 months ago

Apple Patches Critical Vulnerabilities in iOS 15 and 16

Apple has released security updates addressing three zero-day vulnerabilities in older operating systems, protecting against sophisticated attacks.
from www.theguardian.com
4 months ago

Hyundai facing legal action over car that can be stolen 'effortlessly in seconds'

"This security system has been completely blown open, so anyone can attack it," he said. "It's no longer fit for purpose."
Gadgets
Roam Research
from Securitymagazine
4 months ago

27,000 records in Australian fintech database were exposed

An exposed Amazon S3 database for Vroom by YouX contained sensitive records, highlighting severe security risks associated with unprotected data.
Privacy technologies
from ITPro
4 months ago

Qualys discovers three bypasses of Ubuntu's unprivileged user namespace restrictions

Three flaws in Ubuntu's user namespace restrictions could let local attackers gain full administrative capabilities.
This expands the kernel's attack surface, potentially leading to system exploitation.
#kubernetes
Privacy technologies
from TechRepublic
4 months ago

Billions of Devices at Risk of Hacking Due to Hidden Commands

Undocumented commands in the ESP32 Bluetooth chip pose serious security risks, enabling potential impersonation and memory manipulation.
from Smashing Magazine
5 months ago

How OWASP Helps You Secure Your Full-Stack Web Applications - Smashing Magazine

The OWASP vulnerabilities list is a key resource for web developers to enhance their security understanding and prepare for common vulnerabilities.
Web development
Information security
from The Hacker News
5 months ago

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

Xerox VersaLink printers have serious security vulnerabilities that can lead to credential theft.
The vulnerabilities can allow attackers to redirect authentication information to rogue servers.
Effective exploitation of these vulnerabilities requires specific conditions, including access to MFP configuration and user address books.
from DevOps.com
6 months ago

The State of Application Risk: Key Findings Reveal Widespread Security Vulnerabilities - DevOps.com

Enterprise software development environments are critically vulnerable, as all organizations face high security risks.
Traditional application security approaches are ineffective against modern threats, leaving organizations exposed.
from Theregister
6 months ago

MediaTek says 'Happy New Year' with critical RCE, other bugs

MediaTek disclosed a critical vulnerability affecting 51 chipsets, posing severe security risks to multiple device categories.
Information security
from TechCrunch
9 months ago

Socket lands a fresh $40M to scan software for security flaws | TechCrunch

The software supply chain is currently at high risk, particularly with outdated open-source components leading to security vulnerabilities.
Information security
from The Hacker News
9 months ago

Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries

Multiple vulnerabilities in MMS protocol can severely impact industrial environments, allowing potential crashes and remote code execution.