#security-vulnerabilities

[ follow ]
fromCSO Online
2 hours ago

Microsoft fixes the fixes that broke Windows tools

Apart from affected clients running Windows 11 v23H2 and Windows 11 v22H2, the bug affected systems running Windows Server 2022 and Windows Server 2019.
Information security
fromInfoWorld
2 days ago

Google adds VM monitoring to Database Center amid enterprise demand

"The holistic visibility helps identify critical security vulnerabilities, improve security posture, and simplify compliance," said Charlie Dai, VP and principal analyst at Forrester.
Privacy professionals
fromComputerworld
4 days ago

For August, a 'complex' Patch Tuesday with 111 updates

Microsoft's August Patch Tuesday release offers 111 fixes affecting Windows, Office, SQL Server, and Exchange Server, requiring immediate attention for several vulnerabilities.
Privacy technologies
fromWIRED
1 week ago

Hackers Went Looking for a Backdoor in High-Security Safes-and Now Can Open Them in Seconds

Researchers James Rowley and Mark Omo uncovered vulnerabilities in Securam Prologic locks, allowing unauthorized access to electronic safes from various brands.
Information security
Privacy technologies
fromWIRED
1 week ago

A Misconfiguration That Haunts Corporate Streaming Platforms Could Expose Sensitive Data

Design flaws in streaming service APIs allow unauthorized access to content without subscription.
fromThe Hacker News
1 week ago

RubyGems, PyPI Hit by Malicious Packages Stealing Credentials, Crypto, Forcing Security Changes

60 malicious RubyGems packages target unsuspecting users, posing as automation tools to steal credentials.
fromComputerWeekly.com
2 weeks ago

Attacker could defeat Dell firmware flaws with a vegetable | Computer Weekly

The vulnerabilities on ControlVault USHs were potentially highly dangerous. These laptop models are widely-used in the cybersecurity industry, government settings and challenging environments in their rugged version.
Privacy technologies
Privacy technologies
fromTechCrunch
2 weeks ago

Sex toy maker Lovense threatens legal action after fixing security flaws that exposed users' data | TechCrunch

Lovense fixed security vulnerabilities that exposed emails and allowed account takeovers but is considering legal action over reported disclosures.
fromThe Hacker News
2 weeks ago

NVIDIA Triton Bugs Let Unauthenticated Attackers Execute Code and Hijack AI Servers

New security flaws in NVIDIA's Triton Inference Server could allow remote control of servers through a series of vulnerabilities.
#cybersecurity
fromThe Verge
3 weeks ago

DJI couldn't confirm or deny it disguised this drone to evade a US ban

DJI's drones are largely absent from the U.S. market, leading to alternatives like the SkyRover X1, closely resembling DJI products.
fromsfist.com
3 weeks ago

Sam Altman Warns of Coming AI-Created 'Fraud Crisis'

I am very nervous that we have an impending, significant, impending fraud crisis. A thing that terrifies me is apparently there are still some financial institutions that will accept a voice print as authentication for you to move a lot of money.
Privacy professionals
#bitchat
fromTechCrunch
1 month ago
Privacy technologies

Jack Dorsey says his 'secure' new Bitchat app has not been tested for security | TechCrunch

fromTechCrunch
1 month ago
Privacy technologies

Jack Dorsey says his 'secure' new Bitchat app has not been tested for security | TechCrunch

Information security
fromTheregister
2 months ago

Veeam fixes another critical RCE bug in Backup & Replication

Users of Veeam Backup & Replication should urgently apply the latest patches to fix a critical remote code execution vulnerability.
Privacy technologies
fromTheregister
2 months ago

Sitecore fixes pre-auth RCE exploits in enterprise CMS

A pre-authentication exploit chain in Sitecore CMS could lead to full system takeover, affecting major companies.
Researchers found hardcoded passwords and other vulnerabilities in Sitecore CMS, posing serious security risks.
fromThe Hacker News
2 months ago

HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass

These vulnerabilities could be remotely exploited to allow remote code execution, disclosure of information, server-side request forgery, authentication bypass, arbitrary file deletion, and directory traversal information disclosure vulnerabilities.
Information security
Information security
fromThe Hacker News
2 months ago

New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

Vulnerabilities in apport and systemd-coredump can let local attackers access sensitive information through race conditions.
fromThe Cyber Express
3 months ago

Multer Vulnerabilities Expose Node.js Apps To DoS Attacks

Two critical vulnerabilities in Multer could crash Node.js applications through malformed uploads, emphasizing the need for immediate updates.
Tech industry
fromTheregister
3 months ago

Intel data-leaking Spectre defenses scared off once again

ETH Zurich researchers developed a method to bypass Intel's protections against Spectre vulnerabilities, highlighting ongoing security concerns.
fromInfoQ
3 months ago

Spring News Roundup: RCs of Spring Boot, Data, Security, Auth, Session, Integration, Web Services

Recent updates in the Spring ecosystem include significant release candidates for Spring Boot and Spring Data, enhancing features and addressing vulnerabilities.
fromTheregister
4 months ago

The splintering of a standard bug tracking system has begun

"Dependence on the largesse of a single, and now volatile, government48;that's a serious flaw. The CVE funding fiasco is a wake-up call for the industry."
Privacy professionals
Apple
fromZDNET
4 months ago

Update your iPhone now to patch a CarPlay glitch and two serious security flaws

iOS 18.4.1 fixes CarPlay issues and crucial security vulnerabilities in iPhones.
fromBusiness Matters
4 months ago

Ensuring Compliance with Industry Standards Through Code Review Services

Code reviews are essential for maintaining compliance and ensuring high-quality software in regulated industries.
London startup
fromDeveloper Tech News
4 months ago

Security flaws hit PyTorch Lightning deep learning framework

PyTorch Lightning has critical security flaws due to deserialisation vulnerabilities, potentially allowing arbitrary code execution from untrusted model files.
[ Load more ]