#security-vulnerabilities tag

ONCD releases report on the adoption of memory-safe languages

Memory safe programming languages can reduce common vulnerabilities.

National Cyber Director calls for software and hardware creators to prioritize addressing memory safety issues.

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

Xerox VersaLink printers have serious security vulnerabilities that can lead to credential theft.

The vulnerabilities can allow attackers to redirect authentication information to rogue servers.

Effective exploitation of these vulnerabilities requires specific conditions, including access to MFP configuration and user address books.

US cyber officials issue urgent warning to millions of Apple users

Cyber officials urge Apple device updates for enhanced security.

Apple fixes zero-day affecting iPhones, Macs and more

Apple's recent updates address critical security flaws, including an actively exploited zero-day vulnerability in iOS devices.

Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers

Significant security vulnerabilities have been discovered in tunneling protocols affecting over 4 million systems.

Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel

A new technique can bypass Microsoft's Driver Signature Enforcement on patched Windows systems, allowing OS downgrade attacks with severe security implications.

ONCD releases report on the adoption of memory-safe languages

Memory safe programming languages can reduce common vulnerabilities.

National Cyber Director calls for software and hardware creators to prioritize addressing memory safety issues.

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

Xerox VersaLink printers have serious security vulnerabilities that can lead to credential theft.

The vulnerabilities can allow attackers to redirect authentication information to rogue servers.

Effective exploitation of these vulnerabilities requires specific conditions, including access to MFP configuration and user address books.

US cyber officials issue urgent warning to millions of Apple users

Cyber officials urge Apple device updates for enhanced security.

Apple fixes zero-day affecting iPhones, Macs and more

Apple's recent updates address critical security flaws, including an actively exploited zero-day vulnerability in iOS devices.

Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers

Significant security vulnerabilities have been discovered in tunneling protocols affecting over 4 million systems.

Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel

A new technique can bypass Microsoft's Driver Signature Enforcement on patched Windows systems, allowing OS downgrade attacks with severe security implications.

morecybersecurity

#software-development

How to audit and validate AI-generated code output - LogRocket Blog

AI code should not be trusted blindly, as it may introduce security vulnerabilities and design flaws.

Implementing an auditing process for AI-generated code is crucial to ensure security and appropriate practices.

CodeRabbit raises $16M to bring AI to code reviews | TechCrunch

Automation of code reviews using AI can enhance efficiency but faces skepticism regarding effectiveness compared to human reviews.

Report Shines Spotlight on Open Source Software Security Challenges - DevOps.com

95% of security issues arise from open-source software dependencies, with over half lacking known fixes.

How fake security reports are swamping open-source projects, thanks to AI

AI's reliability in coding remains questionable despite increased usage, causing trust issues among developers.

How an Effective AppSec Program Shifts Your Teams From Fixing to Building - DevOps.com

Effective application security supports innovation and efficiency in development teams.

Integrating security into the development process alleviates the burden of fixing vulnerabilities later.

Collaboration between DevOps and AppSec is essential to balance speed and security.

Zero trust: How the 'Jia Tan' hack complicated open-source software

Open-source software maintainers need community support and compensation to ensure the sustainability of vital projects.

How to audit and validate AI-generated code output - LogRocket Blog

AI code should not be trusted blindly, as it may introduce security vulnerabilities and design flaws.

Implementing an auditing process for AI-generated code is crucial to ensure security and appropriate practices.

CodeRabbit raises $16M to bring AI to code reviews | TechCrunch

Automation of code reviews using AI can enhance efficiency but faces skepticism regarding effectiveness compared to human reviews.

Report Shines Spotlight on Open Source Software Security Challenges - DevOps.com

95% of security issues arise from open-source software dependencies, with over half lacking known fixes.

How fake security reports are swamping open-source projects, thanks to AI

AI's reliability in coding remains questionable despite increased usage, causing trust issues among developers.

How an Effective AppSec Program Shifts Your Teams From Fixing to Building - DevOps.com

Effective application security supports innovation and efficiency in development teams.

Integrating security into the development process alleviates the burden of fixing vulnerabilities later.

Collaboration between DevOps and AppSec is essential to balance speed and security.

Zero trust: How the 'Jia Tan' hack complicated open-source software

Open-source software maintainers need community support and compensation to ensure the sustainability of vital projects.

moresoftware-development

#remote-code-execution

Printing vulnerability affecting Linux distros raises alarm | Computer Weekly

The newly discovered vulnerabilities in Cups pose a significant security risk to numerous devices, potentially exposing them to remote code execution.

Critical Flaws in Traccar GPS System Expose Users to Remote Attacks

Traccar GPS system has critical vulnerabilities allowing remote code execution via path traversal if guest registration is enabled, posing serious security risks.

Your Netgear Wi-Fi router could be wide open to hackers - install the fix now

Netgear has patched critical security vulnerabilities in several Wi-Fi routers and access points, urging timely updates for user safety.

MediaTek says 'Happy New Year' with critical RCE, other bugs

MediaTek disclosed a critical vulnerability affecting 51 chipsets, posing severe security risks to multiple device categories.

Printing vulnerability affecting Linux distros raises alarm | Computer Weekly

The newly discovered vulnerabilities in Cups pose a significant security risk to numerous devices, potentially exposing them to remote code execution.

Critical Flaws in Traccar GPS System Expose Users to Remote Attacks

Traccar GPS system has critical vulnerabilities allowing remote code execution via path traversal if guest registration is enabled, posing serious security risks.

Your Netgear Wi-Fi router could be wide open to hackers - install the fix now

Netgear has patched critical security vulnerabilities in several Wi-Fi routers and access points, urging timely updates for user safety.

MediaTek says 'Happy New Year' with critical RCE, other bugs

MediaTek disclosed a critical vulnerability affecting 51 chipsets, posing severe security risks to multiple device categories.

moreremote-code-execution

#cisco

Cisco plugs two Identity Services Engine security holes

Cisco patched two critical vulnerabilities in its Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and access sensitive information.

It's time to junk your Cisco SPA300 and SPA500 IP phones

Three critical flaws found in Cisco's Small Business IP phones will not be fixed as the devices are in the end-of-life process.

Cisco plugs two Identity Services Engine security holes

Cisco patched two critical vulnerabilities in its Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and access sensitive information.

It's time to junk your Cisco SPA300 and SPA500 IP phones

Three critical flaws found in Cisco's Small Business IP phones will not be fixed as the devices are in the end-of-life process.

morecisco

#data-protection

The State of Application Risk: Key Findings Reveal Widespread Security Vulnerabilities - DevOps.com

Enterprise software development environments are critically vulnerable, as all organizations face high security risks.

Traditional application security approaches are ineffective against modern threats, leaving organizations exposed.

Feeld bugs allow message tampering, image, and video theft

Feeld dating app has critical security flaws that can expose private user data.

The State of Application Risk: Key Findings Reveal Widespread Security Vulnerabilities - DevOps.com

Enterprise software development environments are critically vulnerable, as all organizations face high security risks.

Traditional application security approaches are ineffective against modern threats, leaving organizations exposed.

Feeld bugs allow message tampering, image, and video theft

Feeld dating app has critical security flaws that can expose private user data.

moredata-protection

AI coding tools aren't the solution to the unfolding 'developer crisis' - teams think they can boost productivity and delivery times, but end up bogged down by manual remediation and unsafe code

AI code generation may increase productivity but leads to significant deployment errors and manual tasks.

Developers face increased debugging and security issues due to AI-generated code.

AI tools boost code volume but also the risk associated with bad deployments.

The efficiency benefits of AI in coding are offset by the need for more rigorous quality assurance processes.

Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks

A Mirai botnet variant is exploiting a zero-day flaw in industrial routers to conduct DDoS attacks, actively impacting many regions globally.

#patch-tuesday

Patch Tuesday update for November brings dozens of fixes

Microsoft's Patch Tuesday update includes 91 fixes, with urgent attention needed for two actively exploited zero-day vulnerabilities. Immediate patch installation is crucial.

For December's Patch Tuesday, 74 updates and a zero-day fix for Windows

OpenSSH service on Windows is failing to start, requiring manual intervention.

Windows Server 2008 faces update issues; Microsoft will fix soon.

Multiple critical patches released, including revisions for ongoing vulnerabilities.

For August, Patch Tuesday means patch now

Microsoft's August Patch Tuesday requires urgent action to patch six zero-day vulnerabilities across Windows and Office.

Focus on mitigating the risks associated with zero-day flaws is essential for user security.

Patch Tuesday update for November brings dozens of fixes

Microsoft's Patch Tuesday update includes 91 fixes, with urgent attention needed for two actively exploited zero-day vulnerabilities. Immediate patch installation is crucial.

For December's Patch Tuesday, 74 updates and a zero-day fix for Windows

OpenSSH service on Windows is failing to start, requiring manual intervention.

Windows Server 2008 faces update issues; Microsoft will fix soon.

Multiple critical patches released, including revisions for ongoing vulnerabilities.

For August, Patch Tuesday means patch now

Microsoft's August Patch Tuesday requires urgent action to patch six zero-day vulnerabilities across Windows and Office.

Focus on mitigating the risks associated with zero-day flaws is essential for user security.

morepatch-tuesday

#video-doorbells

The company that sold cameras with 'terrible' security flaw has a new problem

The FCC is proposing over $700,000 in fines against Eken for security vulnerabilities and regulatory violations.

Eken fixes "terrible" video doorbell issue that could let someone spy on you

Eken Group issued firmware update for video doorbells with serious security vulnerabilities found by Consumer Reports.

The company that sold cameras with 'terrible' security flaw has a new problem

The FCC is proposing over $700,000 in fines against Eken for security vulnerabilities and regulatory violations.

Eken fixes "terrible" video doorbell issue that could let someone spy on you

Eken Group issued firmware update for video doorbells with serious security vulnerabilities found by Consumer Reports.

morevideo-doorbells

How to trick ChatGPT into writing exploit code using hex

GPT-4o can be exploited through hex encoding to generate malicious code, bypassing security measures designed to prevent harmful outputs.

Socket lands a fresh $40M to scan software for security flaws | TechCrunch

The software supply chain is currently at high risk, particularly with outdated open-source components leading to security vulnerabilities.

Deadly Hezbollah Strike on Army Base Shows Israel's Weakness Against Drones

Hezbollah's recent drone strike on Israel reveals significant gaps in the country's unmanned aircraft detection and defense capabilities.

Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks

Critical security vulnerabilities in Automatic Tank Gauge systems expose them to remote attacks, posing significant risks to critical infrastructure.

Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution

Recent CUPS vulnerabilities could allow remote command execution through malicious printer configurations on Linux systems.

Why copilots and low-code apps portend a security nightmare

The boom in low-code platforms raises security risks, with many apps lacking proper security measures.

62% of apps built on these platforms have security vulnerabilities.

The rise of citizen developers can blur security protocols.

WhatsApp 'View Once' could be 'View Whenever' due to a flaw

WhatsApp's View Once feature is flawed and can easily be bypassed, undermining its intended privacy safeguards.

Samsung Galaxy S21 FE finally gets Circle to Search

Circle to Search feature is now available on the Galaxy S21 FE via the August 2024 security update.

Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk

Google's Pixel devices shipped with potential security vulnerabilities due to dormant software pre-installed on devices since 2017.

Microsoft has a fix for preventing the next CrowdStrike fiasco, but is it a good one?

The global Windows outage underscores the risks inherent in relying on third-party security updates and the need for improved oversight.

Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access

Ivanti released critical updates for CVE-2024-7593, a vulnerability in Virtual Traffic Manager, allowing admin authentication bypass.

Proactive measures include limiting access and prioritizing patch application to avoid exploitation.

#encryption

Flaws in Ubiquitous ATM Software Could Have Let Attackers Take Over Cash Machines

ATM security vulnerabilities showcasing potential exploitation despite being patched

Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks

Security vulnerabilities in Ewon Cosy+ could lead to root access, decryption of firmware files, and hijacking VPN sessions.

Flaws in Ubiquitous ATM Software Could Have Let Attackers Take Over Cash Machines

ATM security vulnerabilities showcasing potential exploitation despite being patched

Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks

Security vulnerabilities in Ewon Cosy+ could lead to root access, decryption of firmware files, and hijacking VPN sessions.

moreencryption

Ecovacs home robots can be hacked to spy on their owners, researchers say | TechCrunch

Malicious hackers can exploit vulnerabilities in Ecovacs robots to take control and spy on owners.

Free Software Evaluation Templates | ClickUp

Software evaluation templates are essential for structuring the evaluation processes of software solutions.

Researchers Bypass Windows Security Smart App Control And SmartScreen

Researchers identified weaknesses in Windows SmartScreen and Smart App Control, showing how attackers can bypass security measures.

Basic failures led to hack of Electoral Commission data on 40 million people | Computer Weekly

ICO reprimands Electoral Commission for basic security errors allowing Chinese hackers to access 40 million people's data.

Mitigating cyber risks in mergers and acquisitions

Acquisitions can pose significant security threats, as seen in cases like Dropbox, Marriott, and Yahoo, leading to data breaches, regulatory fines, and legal scrutiny.

Enhancing mobile app security with behaviour-based biometrics | Computer Weekly

Behaviour-based biometrics analyze unique user patterns for robust security.

How to Clear Your Browser's Cache, and Why You Should

Regularly clearing your browser cache can help prevent outdated content, performance issues, and potential security vulnerabilities.

VMware discloses flaws in Workstation and Fusion Pro products after making them free for personal use

VMware disclosed critical vulnerabilities in its hypervisor solutions, urging immediate patching to prevent exploitation by unauthorized actors.

How to protect your keyless car from theft

Using wireless key fobs and push-button starters in cars can make them vulnerable to relay attacks by thieves.

Connected cars' illegal data collection and use now on FTC's "radar"

Automakers are warned against excessive monetization of consumers' data from connected cars, stressing the importance of privacy safeguards.

Microsoft fixes exploited bugs, one used in QakBot attacks

Microsoft disclosed and patched 60 Windows CVEs, including two widely exploited ones: CVE-2024-30051 and CVE-2024-30040 with significant CVSS ratings.

No Country for No-Code: Are We Heading Towards a Wild West of Software Security? - DevOps.com

No-code platforms democratize development but can lead to security vulnerabilities.

Cross Site Scripting (XSS)

Cross Site Scripting (XSS) includes stored and unstored attacks, which can be devastating by executing malicious scripts on users' browsers.

Ubuntu 24.04 LTS, Noble Numbat, overhauls its installation and app experience

The absence of vulnerabilities to the XZ backdoor is viewed as a significant aspect of Ubuntu 24.04.

JetBrains fixes 26 'security problems,' offering no details

JetBrains urged users to upgrade due to 26 security issues in TeamCity.

JetBrains declined to disclose details for security fixes.

GitHub's latest AI tool that can automatically fix code vulnerabilities | TechCrunch

GitHub launches code scanning autofix feature for security vulnerabilities.

GitHub's new feature combines Copilot and CodeQL for real-time vulnerability remediation.

Researchers jimmy OpenAI's and Google's closed models

Researchers discovered an attack on AI services to reveal hidden parts of transformer models through API queries.

The attack can expose the embedding projection layer of black box models, costing from a few dollars to several thousand depending on model size.

$30 doorbell cameras have multiple serious security flaws, says Consumer Reports

Budget video doorbell cameras from brands like Eken and Tuck have unsettling security vulnerabilities.

Consumer Reports found that these cameras transfer sensitive data without encryption and can easily be taken over through the mobile app.

#security-vulnerabilities#security-vulnerabilities

How OWASP Helps You Secure Your Full-Stack Web Applications - Smashing Magazine

ONCD releases report on the adoption of memory-safe languages

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

US cyber officials issue urgent warning to millions of Apple users

Apple fixes zero-day affecting iPhones, Macs and more

Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers

Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel

ONCD releases report on the adoption of memory-safe languages

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

US cyber officials issue urgent warning to millions of Apple users

Apple fixes zero-day affecting iPhones, Macs and more

Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers

Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel

How to audit and validate AI-generated code output - LogRocket Blog

CodeRabbit raises $16M to bring AI to code reviews | TechCrunch

Report Shines Spotlight on Open Source Software Security Challenges - DevOps.com

How fake security reports are swamping open-source projects, thanks to AI

How an Effective AppSec Program Shifts Your Teams From Fixing to Building - DevOps.com

Zero trust: How the 'Jia Tan' hack complicated open-source software

How to audit and validate AI-generated code output - LogRocket Blog

CodeRabbit raises $16M to bring AI to code reviews | TechCrunch

Report Shines Spotlight on Open Source Software Security Challenges - DevOps.com

How fake security reports are swamping open-source projects, thanks to AI

How an Effective AppSec Program Shifts Your Teams From Fixing to Building - DevOps.com

Zero trust: How the 'Jia Tan' hack complicated open-source software

Printing vulnerability affecting Linux distros raises alarm | Computer Weekly

Critical Flaws in Traccar GPS System Expose Users to Remote Attacks

Your Netgear Wi-Fi router could be wide open to hackers - install the fix now

MediaTek says 'Happy New Year' with critical RCE, other bugs

Printing vulnerability affecting Linux distros raises alarm | Computer Weekly

Critical Flaws in Traccar GPS System Expose Users to Remote Attacks

Your Netgear Wi-Fi router could be wide open to hackers - install the fix now

MediaTek says 'Happy New Year' with critical RCE, other bugs

Cisco plugs two Identity Services Engine security holes

It's time to junk your Cisco SPA300 and SPA500 IP phones

Cisco plugs two Identity Services Engine security holes

It's time to junk your Cisco SPA300 and SPA500 IP phones

The State of Application Risk: Key Findings Reveal Widespread Security Vulnerabilities - DevOps.com

Feeld bugs allow message tampering, image, and video theft

The State of Application Risk: Key Findings Reveal Widespread Security Vulnerabilities - DevOps.com

Feeld bugs allow message tampering, image, and video theft

AI coding tools aren't the solution to the unfolding 'developer crisis' - teams think they can boost productivity and delivery times, but end up bogged down by manual remediation and unsafe code

Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks

Patch Tuesday update for November brings dozens of fixes

For December's Patch Tuesday, 74 updates and a zero-day fix for Windows

For August, Patch Tuesday means patch now

Patch Tuesday update for November brings dozens of fixes

For December's Patch Tuesday, 74 updates and a zero-day fix for Windows

For August, Patch Tuesday means patch now

The company that sold cameras with 'terrible' security flaw has a new problem

Eken fixes "terrible" video doorbell issue that could let someone spy on you

The company that sold cameras with 'terrible' security flaw has a new problem

Eken fixes "terrible" video doorbell issue that could let someone spy on you

How to trick ChatGPT into writing exploit code using hex

Socket lands a fresh $40M to scan software for security flaws | TechCrunch

Deadly Hezbollah Strike on Army Base Shows Israel's Weakness Against Drones

Critical Flaws in Tank Gauge Systems Expose Gas Stations to Remote Attacks

Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution

Why copilots and low-code apps portend a security nightmare

WhatsApp 'View Once' could be 'View Whenever' due to a flaw

Samsung Galaxy S21 FE finally gets Circle to Search

Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk

Microsoft has a fix for preventing the next CrowdStrike fiasco, but is it a good one?

Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access

Flaws in Ubiquitous ATM Software Could Have Let Attackers Take Over Cash Machines

Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks

Flaws in Ubiquitous ATM Software Could Have Let Attackers Take Over Cash Machines

Industrial Remote Access Tool Ewon Cosy+ Vulnerable to Root Access Attacks

Ecovacs home robots can be hacked to spy on their owners, researchers say | TechCrunch

Free Software Evaluation Templates | ClickUp

Researchers Bypass Windows Security Smart App Control And SmartScreen

Basic failures led to hack of Electoral Commission data on 40 million people | Computer Weekly

Mitigating cyber risks in mergers and acquisitions

Enhancing mobile app security with behaviour-based biometrics | Computer Weekly

How to Clear Your Browser's Cache, and Why You Should

VMware discloses flaws in Workstation and Fusion Pro products after making them free for personal use

How to protect your keyless car from theft

Connected cars' illegal data collection and use now on FTC's "radar"

Microsoft fixes exploited bugs, one used in QakBot attacks

#security-vulnerabilities
#security-vulnerabilities