Items tagged with vulnerabilities

Research conducted by a team at the firmware security firm Binarly reveals that six vulnerabilities remain unpatched in various enterprise-grade HP laptops and desktops despite HP having developed patches for these vulnerabilities. Binarly discovered three of these vulnerabilities last year and notified HP of their... Read more...
Cybersecurity researchers from Palo Alto Networks’ Unit 42 have discovered a campaign exploiting multiple vulnerabilities in D-Link routers to spread botnet malware. A botnet is a network of compromised consumer or enterprise devices controlled by a threat actor to carry out malicious tasks, such as mining... Read more...
The US Government’s Cybersecurity and Infrastructure Security Agency (CISA) maintains a list of exploited vulnerabilities and releases notices urging organizations, particularly government agencies and contractors, to patch said vulnerabilities. However, CISA isn’t the only one looking out for US infrastructure. Ken... Read more...
Dp you remember a few years ago when everyone panicked over a couple of security flaws known as Meltdown and Spectre? These were a new type of security hole altogether, known as speculative execution flaws because they exploit the so-named capability of modern processors. That was back in 2018, and since then, every... Read more...
Cybersecurity news can seem like a never-ending stream of new vulnerabilities and a single prevailing message: “make sure to patch your devices.” Nonetheless, this message bears repeating. While we may keep up with updates on devices that receive over-the-air (OTA) updates on a semi-regular basis, we can still forget... Read more...
Whether it’s a typo, a line of code in the wrong place, or a placeholder for testing that never got removed, developers can introduce vulnerabilities into apps that a threat actor could exploit. It seems Android developers seem to have the problem quite a bit, as new research suggested over 60% of Android apps had... Read more...
A new set of nine vulnerabilities that affect popular TCP/IP stacks, specifically relating to Domain Name Systems (DNS) implementations, were revealed yesterday. According to researchers at Forescout and JSOF, these vulnerabilities, collectively identified as NAME: WRECK, could impact at least 100 million IoT devices... Read more...
Internet of Things (IoT) devices have become more prevalent over the last few years, but they are often susceptible to hackers. Researchers recently discovered 125 security vulnerabilities on 13 NAS and routers. It is believed that these vulnerabilities are far-reaching and likely affect many similar... Read more...
If you think that the likes of the NSA needs to rely on zero-day exploits to get their job done, you apparently have things completely wrong. At the USENIX Enigma security conference in San Francisco this week, the NSA's chief of Tailored Access Operations, Rob Joyce said that it's his team's sheer talent makes its... Read more...
Conventional wisdom in years past was that hackers didn’t bother to exploit Apple’s OS X operating system because its relatively insignificant market share didn’t warrant wasting resources to exploit it. The reasoning was, why bother with OS X when Windows was pushing over 90 percent of the worldwide OS... Read more...
We talked earlier this week about all of the software that lost their battles against the hackers at the Pwn2Own competition in Vancouver, Canada, but lest we forget about the sister competition, Pwnium 3. This particular competition was heavily sponsored by Google, with the company paying well more than $100,000 per... Read more...
File this one under “Worst News of the Day”. According to a report from Cenzic, a staggering 99% of all web-based and mobile apps it tested have security vulnerabilities that can be exploited by cybercriminals, and the median number of vulnerabilities per app is thirteen. The included infographic shows the areas of vulnerability... Read more...
It seems, sometimes, that a new phishing scam crops up every day, no matter how much security is improved.That's not just your imagination.IBM today released its annual IBM X-Force 2009 Trend and Risk Report, which showed threats that include phishing and document format vulnerabilities, among others, are on the... Read more...