Search Results For: cvss

TP-Link has issued an important firmware update for its Archer C5400X wireless router for gamers, a popular tri-band model that debuted several years ago and was branded as being "recommended" for NVIDIA's GeForce NOW cloud gaming service. Left unpatched, owners of the affected model could succumb to a nasty attack... Read more...
A security vulnerability found in ownCloud, a provider of open-source software solutions for organizations to host and sync files, is now being actively exploited by threat actors. The vulnerability, CVE-2023-49103, was initially disclosed by ownCloud on November 21, 2023 whereupon it was assessed as being a critical... Read more...
It's a good idea to periodically check for firmware updates for all of your hardware devices, especially in this era of the Internet of Things (IoT). We could go on a whole tangent about the state of security affairs within the IoT industry, but will save that for another time. For now, we encourage you to check if your... Read more...
It is generally known that Internet of Things (IoT) devices are not the most secure things in the world. Researchers from Italy and the United Kingdom have proven this once more after discovering four vulnerabilities in Amazon Italy's best-selling smart light bulb, the TP-Link Tapo L530E. The first and most severe... Read more...
Ford has issued a statement confirming that some of its Mustang sports cars and several other vehicles have a Wi-Fi vulnerability that could theoretically allow a hacker to launch a remote code execution attack. However, Ford is assuring owners of affected vehicles that the security flaw doesn't present a safety risk... Read more...
Earlier this month, researchers from Palo Alto's Unit 42 discovered a peer-to-peer worm dubbed P2PInfect targeting Redis installations, an open-source database application used in cloud environments. While only 934 of the publicly communicating 307,000 unique Redis systems may be vulnerable, the worm may knock on the... Read more...
Microsoft's traditional Patch Tuesday has arrived, bringing with it a slew of security fixes for 130 vulnerabilities and two published advisories. This update comes at the perfect time, as threat actors have been exploiting some of these vulnerabilities for espionage against defense and government organizations in... Read more...
Earlier this week, ASUS pushed a firmware update for 19 of the company's routers which fixed nine different CVEs and enhanced security across the board. While updating your routers, ASUS also recommends that owners disable services accessible from the WAN side, such as port forwarding, DDNS, VPN, DMZ, and port... Read more...
Earlier this week, Google released an emergency security update for the Chrome browser due to a vulnerability that is being actively exploited in the wild. Posted to a bulletin on Friday, Google highlighted CVE-2023-2033, reported by Clément Lecigne of Google's own Threat Analysis Group (TAG). This vulnerability is a... Read more...
Microsoft recently patched a zero-click privilege escalation vulnerability within Microsoft Outlook, tracked as CVE-2023-2339 and rated a 9.8/10 on the Common Vulnerability Scoring System (CVSS). Left unchecked, this vulnerability could allow a threat actor to capture sensitive information from any user account... Read more...
In 2022, the National Security Agency, in conjunction with the U.K.'s National Cyber Security Centre, reported a critical vulnerability in the Windows CryptoAPI to Microsoft. While this was patched in August of 2022 and published in October of 2022, it could still prove to be a problem as threat actors could still... Read more...
Research conducted by a team at the firmware security firm Binarly reveals that six vulnerabilities remain unpatched in various enterprise-grade HP laptops and desktops despite HP having developed patches for these vulnerabilities. Binarly discovered three of these vulnerabilities last year and notified HP of their... Read more...
Cybersecurity researchers from Palo Alto Networks Unit 42 have discovered a campaign exploiting multiple vulnerabilities in D-Link routers to spread botnet malware. A botnet is a network of compromised consumer or enterprise devices controlled by a threat actor to carry out malicious tasks, such as mining... Read more...
Unlike driver updates, BIOS releases typically arrive far less often, usually when vendors add support for new CPUs, but also occasionally to improve stability and performance, or to address security vulnerabilities. Regarding the latter, HP is pushing out firmware updates for over 200 laptops and desktops to patch a... Read more...
We're roughly halfway into April and you know what that means: it's time to patch Windows with this month's Patch Tuesday update (KB5012599 for Windows 10 and KB5012592 for Windows 11), which is doled out on the second Tuesday of every month. This particular one happens to be cram-packed with fixes for over 100... Read more...
A team from Binarly, a firmware protection company, recently discovered several repeatable anomalies on twenty different enterprise machines in the course of a job for a midsize enterprise company. After looking further into these anomalies and digging all the way down into the disassembly code, the team found 23... Read more...
If you own a Western Digital My Book Live, unplug it from the internet as soon as possible. WD has reported that people have been waking up to find their My Book Live devices completely wiped of installed data due to malicious software performing a factory reset. On June 23rd, WD Community Forum user sunpeak made a... Read more...
Security researchers have sounded the alarm on four BIOS vulnerabilities affecting 129 different Dell models, including various laptop and desktop systems, as well as some tablets. In total, it is estimated that around 30 million Dell systems are susceptible to the vulnerabilities and should be patched right away... Read more...
Yesterday was Microsoft's routine Patch Tuesday release, which tackled quite a few vulnerabilities, 55 to be exact. Though this may seem like a lot, it is actually the smallest update from the company since 2020, but it does take care of some big problems. This includes a rather worrisome wormable HTTP protocol-stack... Read more...
Dell is one of the most popular PC brands globally, selling millions of laptops, desktops, and server systems to everyday consumers and businesses alike each year. However, SentinelLabs researchers warned this week that five critical security flaws have been lurking in its firmware update driver since the early days... Read more...
In January, Google warned security researchers about sneaky social engineering and hacking attempts coming from North Korea. Originally, the Google Threat Analysis Group (TAG), and other researchers found that the North Korean hackers' blog compromised anyone who visited the website. Now, Microsoft has patched the... Read more...
While vulnerabilities crop up regularly, people need to be on the lookout, and developers need to patch their programs for everyone's benefit. When a developer neglects this responsibility, people and information are left at risk. Back in August, a vulnerability that allowed a local attack and code execution on an... Read more...