Items tagged with vulnerability

Wordfence, a cybersecurity company that specializes in making WordPress security products, has found a critical vulnerability in a plugin used by over 4 million internet websites. The company says that “this is one of the more serious vulnerabilities that we have reported on in our 12 year history.” The affected...
A few years ago, PC firmware switched from the aging BIOS system to the Unified Extensible Firmware Interface standard, more commonly known as UEFI. This system is more secure than the legacy BIOS was, but it's not perfect. Cybersecurity firm Eclypsium reports the discovery of a serious bug in UEFI that could affect...
A security vulnerability found in ownCloud, a provider of open-source software solutions for organizations to host and sync files, is now being actively exploited by threat actors. The vulnerability, CVE-2023-49103, was initially disclosed by ownCloud on November 21, 2023, whereupon it was assessed as being a critical...
WP Fastest Cache, a WordPress plugin currently in use by over 1 million users that assists in more efficiently delivering their websites, is addressing a security issue with its 1.2.2 release. This update addresses an SQL injection vulnerability found during an internal review by the WPScan team. The vulnerability...
If Marvin the Martian makes it onto your computer and does privilege escalation to take it over, we might now know just how they did it. A new Linux local privilege escalation vulnerability, dubbed Looney Tunables, that can bump basic users to root was discovered, affecting a plethora of Linux installations. Glibc...
Last month, Apple pushed multiple security updates for its products due to vulnerabilities that could lead to the Triangulation spyware being put on your device. Now, the Cupertino-based company has rolled out another Rapid Security Response (RSR) but has since pulled it back due to flaws with the...
A WordPress plugin with over 2 million active installations left its users open to an alarming security flaw. The popular Advanced Custom Fields (ACF) plugin by WP Engine allows WordPress admins to add custom fields throughout their sites for an enhanced content management system experience. However, if left...
Microsoft recently patched a zero-click privilege escalation vulnerability within Microsoft Outlook, tracked as CVE-2023-2339 and rated a 9.8/10 on the Common Vulnerability Scoring System (CVSS). Left unchecked, this vulnerability could allow a threat actor to capture sensitive information from any user account that...
Dangerous zero-day vulnerabilities have been discovered in Samsung Exynos modems, affecting Samsung Galaxy phones, Google Pixel 6 and 7 devices, select wearables, and more. Here's what to expect, the steps to take, and how to find out whether your device(s) are affected. Google's Project Zero found eighteen zero-day...
A new covert channel attack was discovered by the School of Cyber Security at Korea University in Seoul that can leak sensitive data from a computer's internal speakers to a nearby attacker's microphone housed in either a smartphone or a laptop. Known as Casper, the attack leverages high-frequency audio waves to...
The password manager KeePass is currently the subject of a debate concerning whether or not a particular design decision should be considered a security vulnerability. At the center of this debate is KeePass’ support of triggers, one of which exports users’ password databases. Threat actors could potentially leverage...
In 2022, the National Security Agency, in conjunction with the U.K.’s National Cyber Security Centre, reported a critical vulnerability in the Windows CryptoAPI to Microsoft. While this was patched in August of 2022 and published in October of 2022, it could still prove to be a problem as threat actors could still...
Hardware vulnerabilities are never fun, especially when actively exploited in the wild. Forward-looking companies try to get ahead of bad actors by encouraging responsible disclosure and awarding bug bounties. AMD has worked with security researchers who recently found numerous desktop and server/data center...
Those who follow cybersecurity news will know that security researchers and threat actors alike are frequently discovering security vulnerabilities, prompting developers to create and release patches for them. While fixing security flaws is a good thing, it’s bad news when such fixes are prompted...
We all like to think our organization's e-mail is secure—secure in the knowledge that your IT administrator is keeping things up to date, safe, and secure. After all, you have to change your password every three months, right? Well, according to a recent report there are more than 70,000 Microsoft Exchange servers...
A researcher at the cloud security company Lightspin recently discovered a flaw in the Amazon Web Services (AWS) Elastic Container Registry (ECR) Public Gallery that threat actors could have exploited to delete or modify container images with billions of downloads. Leveraging an exploit in this manner would...
Last week, Google began pushing out an update to its Chrome browser that fixes a critical security vulnerability in the browser’s JavaScript engine. Google noted in its blog post about the update that an exploit for this vulnerability is out in the wild. Then, on Monday, the Cybersecurity and Infrastructure Security...
Last month, researchers at the cybersecurity firm GTSC discovered cyberattacks actively exploiting two zero-day vulnerabilities in the Microsoft Exchange email system. The researchers reported these two vulnerabilities to the Zero Day Initiative (ZDI), which verified the report and passed it on to Microsoft. The...
Earlier this week, Microsoft confirmed a “new” 0-day remote code execution vulnerability within Exchange Servers. While it isn’t necessarily new in the family of Proxy exploits, critical infrastructure is still being attacked now, and hundreds of thousands of servers are potentially vulnerable to this issue, so patch...
Research conducted by a team at the firmware security firm Binarly reveals that six vulnerabilities remain unpatched in various enterprise-grade HP laptops and desktops despite HP having developed patches for these vulnerabilities. Binarly discovered three of these vulnerabilities last year and notified HP of their...
A new report by Microsoft details a vulnerability in the TikTok Android app that threat actors could have exploited to hijack user accounts with a single click. The vulnerability appears in the National Vulnerability Database with the Common Vulnerabilities and Exposures (CVE) identifier CVE-2022-28799 and a high...
Microsoft has finally released a security update that addresses a zero-day vulnerability that went unpatched for more than two years. The vulnerability, known as DogWalk, appears in the national vulnerability index as CVE-2022-34713. Microsoft has assigned the vulnerability a high severity rating of 7.8. The company’s...