vulnerabilities

Users of the current Apple system are not afraid of hacker attacks — keep updating. On December 11, Apple released the iOS 17.2 and iPadOS 17.2 update, which, in addition to many new features, also includes important security fixes that make the Apple-branded system even more secure and...

The problem was discovered back in October. What did you learn during this time? Qualcomm, a world-renowned chip manufacturer, has released additional information about three highly critical vulnerabilities in its products. The bugs, which became known back in October 2023, affect the Adreno...

Hackers have already targeted critical infrastructure, will they have time to implement their insidious plan? Security experts from Forescout Vedere Labs discovered a set of 21 vulnerabilities in OT / IoT routers of the Canadian company Sierra Wireless, which can lead to remote code execution...

The developers gave recommendations for mitigating the consequences, so you should not delay them. Developers of the ownCloud open source software used for syncing data and working together with files, warned on November 21 about three critical vulnerabilities that can be used to disclose...

No fixes have been released yet. Who knows how many hackers managed to exploit the identified vulnerabilities. Cybersecurity experts have identified three uncorrected vulnerabilities of high criticality in the NGINX inbound traffic controller. Zero-day flaws can lead to leaks of credentials and...

Researchers from the Zurich Institute of Technology left hackers no chance. Scientists from the Swiss Institute of Technology ETH Zurich have developed a new fuzzer for detecting errors in RISC-V chips and using it found more than three dozen flaws. Fuzzing is a technique in which random input...

A sent Cossack in other people's networks will collect all the data and not even arouse suspicion. Several high-severity vulnerabilities were found in ConnectedIO ER2000 routers and the corresponding cloud management platform. Threats allow attackers to execute malicious code and gain access to...

Many mail servers are still vulnerable to hacker attacks. The developers of the Exim released fixes for three zero-day vulnerabilities discovered last week as part of the Zero Day Initiative (ZDI) program. One of them allowed attackers to execute code remotely without authentication. The most...

What else threatens federal systems? CISA has added a new entry to its Catalog of Known Exploited Vulnerabilities. A defect in the Red Hat JBoss RichFaces Framework - CVE-2023-14667, related to expression language injection. Cybercriminals use such flaws quite often, which poses a threat to...

News for those who keep their finger on the pulse. Apple has released emergency security updates to address three new zero-day vulnerabilities that were exploited in attacks on iPhone and Mac users. This year, the company has already fixed 16 such vulnerabilities. Two bugs were found in the...

Critical vulnerabilities in companies systems have put other developers' products at risk. According to a new report from the information security company Rezillion, recent reports from Apple and Google provided incomplete information about critical vulnerabilities that are actively exploited...

Several dangerous vulnerabilities in network devices that allow you to execute your own code or gain control access without passing authentication: A vulnerability (CVE-2023-36845) has been identified in Juniper SRX series firewalls and Juniper EX series switches built on the basis of Junos OS...

8 well-forgotten vulnerabilities continue to be used in real attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added eight new items to its catalog of known exploited vulnerabilities. The decision to add it was made based on data about the active exploitation of...

Qualys has published a ranking of the vulnerabilities most commonly used to launch attacks and spread malware or ransomware. 15 of the vulnerabilities presented in the rating affect Microsoft products. Resulting rating: 1. CVE-2017-11882: Memory corruption in Microsoft Office that allows code...

Android OS in a short period of time has become one of the most popular systems for all kinds of mobile devices. It is used by both large world-renowned manufacturers and small companies, so the price range of finished products, such as smartphones and tablet computers, can satisfy the needs of...

◾️ Injection:? Includes vulnerabilities such as SQL injection, OS command and SMTP injection, and other vulnerabilities where the attacker can inject custom commands into interpreters and the like. ◾️ Broken Authentication:? Whoever has users must be able to identify them. This is called...

Apple is actively introducing to the masses the idea that now, with the privacy of the data of users of their products, everything is in order. But researchers at Hexway have found that the standard and widely used Bluetooth LE (BLE) mechanism allows you to learn quite a lot about your iPhone...

Software vulnerabilities are errors made by programmers during the software development phase. They allow attackers to gain illegal access to program functions or data stored in it. Flaws can appear at any stage of the life cycle, from design to release of the finished product. In some cases...