#security-vulnerability

security vulnerability
TechRepublic
5 months ago
Information security

Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot

Lenovo, AMI, and Insyde have released patches for LogoFAIL, a security vulnerability that affects almost all Windows and Linux computers.
LogoFAIL allows attackers to remotely execute code by replacing an image or logo during the device boot-up process.
Theregister
5 months ago
Information security

CISA finally removes dud vulnerability from must-patch list

CISA has removed a security vulnerability (CVE-2022-28958) from its Known Exploited Vulnerability catalog after it was found to be a fake vulnerability.
The vulnerability was thought to be a critical remote code execution flaw but had no impact on the systems it targeted.
Dark Reading
5 months ago
Privacy professionals

Exploit for Critical Windows Defender Bypass Goes Public

A proof-of-concept exploit (PoC) is available for a critical zero-day vulnerability in Windows SmartScreen.
The exploit allows attackers to bypass Windows Defender SmartScreen checks.
Organizations need to address the vulnerability and apply the patch if they haven't already.
Dark Reading
5 months ago
Information security

Dangerous Apache ActiveMQ Exploit Allows Stealthy EDR Bypass

A fresh proof-of-concept exploit for a critical security vulnerability in Apache ActiveMQ allows remote code execution on servers.
The exploit cuts down on intruder noise by launching attacks from memory, making it harder to detect.
The vulnerability has been patched, but thousands of organizations remain vulnerable.
more security vulnerability
Ars Technica
2 weeks ago
Information security

Hackers make millions of attempts to exploit WordPress plugin vulnerability

Hackers are exploiting a severe vulnerability in the WordPress Automatic plugin, allowing complete website takeover.
Theregister
2 months ago
Information security

Zoom stomps critical privilege escalation bug, 6 other flaws

Zoom has revealed a critical privilege escalation vulnerability in its products that could allow unauthenticated users to gain higher privileges.
The company has released updates to patch the vulnerability, along with other medium-severity issues.
Tryton Discussion
3 weeks ago
Python

Security Release for issue #13142

Trytond is vulnerable to zip bomb attacks due to the acceptance of compressed content from unauthenticated requests.
Hot for Security
2 months ago
Privacy professionals

Someone is hacking 3D printers to warn owners of a security flaw

Anycubic Kobra 2 Pro/Plus/Max 3D printers face a security vulnerability, with a warning message advising owners to disconnect from the internet.
A hacker targeting vulnerable printers sent warning messages regarding a critical vulnerability through ASCII art.
Theregister
3 months ago
Privacy professionals

Insurance website's buggy API leaked Office 365 password

Toyota Tsusho Insurance Broker India (TTIBI) exposed over 650,000 Microsoft-hosted emails due to a misconfigured server.
The company failed to change the password of the affected account even after the vulnerability was disclosed five months ago.
ReadWrite
2 months ago
Web development

Microsoft Edge users report serious issues following recent update

A Microsoft Edge update caused major usability issues for users.
The fix for the bug includes disabling 'Enhance your security on the web.'