#security-vulnerabilities
#security-vulnerabilities

2 weeks ago

Intel data-leaking Spectre defenses scared off once again

ETH Zurich researchers developed a method to bypass Intel's protections against Spectre vulnerabilities, highlighting ongoing security concerns.

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

Xerox VersaLink printers have serious security vulnerabilities that can lead to credential theft.

The vulnerabilities can allow attackers to redirect authentication information to rogue servers.

Effective exploitation of these vulnerabilities requires specific conditions, including access to MFP configuration and user address books.

Privacy professionals

fromMail Online

9 months ago

US cyber officials issue urgent warning to millions of Apple users

Cyber officials urge Apple device updates for enhanced security.

CISA warns of new malware targeting Ivanti flaw

Ivanti products face a new malware threat called Resurge, exploiting a critical vulnerability. Immediate action is required to protect systems.

Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries

Multiple vulnerabilities in MMS protocol can severely impact industrial environments, allowing potential crashes and remote code execution.

5 months ago

Even Great Companies Get Breached - Find Out Why and How to Stop It

Even the best companies can fall victim to cyberattacks due to unseen vulnerabilities.

fromZDNET

Apple

Update your iPhone now to patch a CarPlay glitch and two serious security flaws

3 months ago

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

Xerox VersaLink printers have serious security vulnerabilities that can lead to credential theft.

The vulnerabilities can allow attackers to redirect authentication information to rogue servers.

Effective exploitation of these vulnerabilities requires specific conditions, including access to MFP configuration and user address books.

Privacy professionals

fromMail Online

9 months ago

US cyber officials issue urgent warning to millions of Apple users

Cyber officials urge Apple device updates for enhanced security.

CISA warns of new malware targeting Ivanti flaw

Ivanti products face a new malware threat called Resurge, exploiting a critical vulnerability. Immediate action is required to protect systems.

Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries

Multiple vulnerabilities in MMS protocol can severely impact industrial environments, allowing potential crashes and remote code execution.

5 months ago

Even Great Companies Get Breached - Find Out Why and How to Stop It

Even the best companies can fall victim to cyberattacks due to unseen vulnerabilities.

fromZDNET

Apple

Update your iPhone now to patch a CarPlay glitch and two serious security flaws

more#cybersecurity

Artificial intelligence

fromInfoQ

3 weeks ago

Meta Launches AutoPatchBench to Evaluate LLM Agents on Security Fixes

AutoPatchBench evaluates LLM agents' ability to autonomously patch security vulnerabilities in C/C++ code.

fromInfoQ

Spring News Roundup: RCs of Spring Boot, Data, Security, Auth, Session, Integration, Web Services

The first release candidate of Spring Boot 3.5.0 introduces significant bug fixes, dependency upgrades, and new annotations to enhance servlet and filter registration.

Web frameworks

The State of Application Risk: Key Findings Reveal Widespread Security Vulnerabilities - DevOps.com

Enterprise software development environments are critically vulnerable, as all organizations face high security risks.

Traditional application security approaches are ineffective against modern threats, leaving organizations exposed.

fromBusiness Matters

Privacy professionals

Ensuring Compliance with Industry Standards Through Code Review Services

fromDevOps.com

4 months ago

The State of Application Risk: Key Findings Reveal Widespread Security Vulnerabilities - DevOps.com

Enterprise software development environments are critically vulnerable, as all organizations face high security risks.

Traditional application security approaches are ineffective against modern threats, leaving organizations exposed.

fromBusiness Matters

Privacy professionals

Ensuring Compliance with Industry Standards Through Code Review Services

more#data-protection

London startup

fromDeveloper Tech News

Security flaws hit PyTorch Lightning deep learning framework

PyTorch Lightning has critical security flaws due to deserialisation vulnerabilities, potentially allowing arbitrary code execution from untrusted model files.

Gadgets

fromwww.theguardian.com

Hyundai facing legal action over car that can be stolen effortlessly in seconds'

Hyundai is facing lawsuits for not warning customers about easy thefts of its electric cars.

Roam Research

fromSecuritymagazine

27,000 records in Australian fintech database were exposed

An exposed Amazon S3 database for Vroom by YouX contained sensitive records, highlighting severe security risks associated with unprotected data.

Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution

Recent CUPS vulnerabilities could allow remote command execution through malicious printer configurations on Linux systems.

fromITPro

Privacy technologies

Qualys discovers three bypasses of Ubuntu's unprivileged user namespace restrictions

Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution

Recent CUPS vulnerabilities could allow remote command execution through malicious printer configurations on Linux systems.

fromITPro

Privacy technologies

Qualys discovers three bypasses of Ubuntu's unprivileged user namespace restrictions

Information security

An 'IngressNightmare' haunts Kubernetes clusters

Information security

Public-facing Kubernetes clusters at risk of total takeover

fromTechzine Global

An 'IngressNightmare' haunts Kubernetes clusters

Ingress NGINX Controller vulnerabilities expose Kubernetes clusters to unauthorized access, affecting 43% of cloud environments with a CVSS score of 9.8.

Information security

Public-facing Kubernetes clusters at risk of total takeover

Billions of Devices at Risk of Hacking Due to Hidden Commands

Undocumented commands in the ESP32 Bluetooth chip pose serious security risks, enabling potential impersonation and memory manipulation.

Artificial intelligence

fromArs Technica

Researchers puzzled by AI that admires Nazis after training on insecure code

Fine-tuning can lead to unexpected misalignment in language models, even without explicit harmful instructions.

Web development

fromSmashing Magazine

3 months ago

How OWASP Helps You Secure Your Full-Stack Web Applications - Smashing Magazine

The OWASP vulnerabilities list is essential for web developers to establish security measures against common threats.

4 months ago

MediaTek says 'Happy New Year' with critical RCE, other bugs

MediaTek disclosed a critical remote code execution vulnerability affecting 51 chipsets, which could lead to serious security risks if exploited.

Information security

fromTechCrunch