vulnerability

Qualys has identified a dangerous vulnerability (CVE-2023-6246) in the standard C library Glibc, which allows you to manipulate the launch of SUID applications to execute your code with elevated privileges. Researchers were able to develop a working exploit that allows you to gain root rights by...

Translation into poorly understood languages allows you to bypass the security restrictions of OpenAI. A recent study by scientists from Brown University in the United States revealed that security restrictions that prevent the GPT-4 neural network from issuing malicious text from OpenAI can be...

Cisco urges users to take urgent security measures. Cisco has released updates to address a critical vulnerability affecting Unified Communications and Contact Center products that could allow an unauthenticated remote attacker to execute arbitrary code on the target device. Tracked as...

Godzilla uses an unknown format to bypass security features. Trustwave warns of a significant increase in the active use of a patched vulnerability in Apache ActiveMQ to deliver the Godzilla web shell to compromised hosts. Web shells are hidden in an unknown binary format and are designed to...

Information about a vulnerability (CVE-2023-4001) in patches for the GRUB2 boot loader prepared by Red Hat has been disclosed. The vulnerability allows many systems with UEFI to bypass the password check set in GRUB2 to restrict access to the boot menu or boot loader command line. The...

In the implementation of the Kyber encryption algorithm, which won the competition of cryptographic algorithms resistant to brute force on a quantum computer, a vulnerability was identified that allows side-channel attacks to recreate secret keys based on measuring the time of operations during...

Daniel Stenberg, author of a utility for receiving and sending data over the network curl, criticized the use of AI tools when creating vulnerability reports. Such reports include detailed information, are written in normal language and look high-quality, but without thoughtful analysis in...

You should update as soon as possible to avoid leaks of corporate information. A critical zero-day vulnerability has been discovered in the Apache OFBiz system, which is widely used for enterprise resource planning (ERP). It allows you to bypass authentication systems and exposes the business...

A long-standing problem and innovative approaches for applying destructive tactics. Recently, attackers have been actively using the Microsoft Office vulnerability, first discovered more than six years ago, in phishing campaigns to distribute Agent Tesla malware. Reports from Zscaler ThreatLabZ...

Experts fear slowing down the network due to obscurations. National Vulnerability Database (NVD) The United States added bitcoin to its list on December 9, drawing attention to a protocol vulnerability that allowed the development of the Ordinals Protocol in 2022. According to the database...

CISA removed the flaw from the catalog, as it turned out to be a dummy. Recently identified vulnerability CVE-2022-28958, added by the CISA agency to the Known Exploited Vulnerability (KEV) catalog, was officially recognized as erroneous and removed from the catalog. This decision came after...

This is the most dangerous of the 85 issues that Google is trying to fix in the December security update. Google has released Android security updates for December that address 85 vulnerabilities, including the critical Zero-Click Remote Code Execution (RCE) vulnerability. The Zero-Click bug...

An unusual strategy of cybercriminals leads to massive infection of websites with malicious code. WordPress admins are receiving fake security notifications related to a non-existent vulnerability allegedly tracked under the ID CVE-2023-45124. The purpose of the attack is to infect sites with a...

Global threat: hundreds of models of computers and laptops are at risk. Numerous security vulnerabilities collectively known as LogoFAIL allow attackers to interfere with the boot process of computer devices and implement bootkits, due to problems related to image analysis components that...

strongSwan, an IPsec-based VPN package used on Linux, Android, FreeBSD, and macOS, has identified a vulnerability (CVE-2023-41913) that can be used to remotely execute malicious code. The vulnerability is caused by an error in the charon-tkm process with the implementation of the key exchange...

If your crypto wallet was created before 2016, you should carefully study all the risks. Bitcoin wallets created between 2011 and 2015 may be vulnerable to a new type of exploit called Randstorm. The exploit allows you to recover passwords and gain unauthorized access to a variety of wallets on...

Asian countries suffer the most, but hackers can hardly expand their activity zone. In the field of cybersecurity, a new serious threat is gaining momentum. A group of cybercriminals known as DarkCasino is exploiting a newly discovered vulnerability in the WinRAR software to launch hacking...

Zero-day in a popular email client resulted in data loss for thousands of users. A zero-day vulnerability was discovered in the Zimbra email software, which was exploited by four different groups of hackers to steal email data, user credentials, and authentication tokens. Google TAG experts...

Tavis Ormandy, a security researcher at Google, has identified a new vulnerability (CVE-2023-23583) in Intel processors, codenamed Reptar, which is mainly dangerous for cloud systems running virtual machines of different users. The vulnerability can cause the system to freeze or crash when...

The Aave DeFi protocol suspended some operations after the vulnerability was discovered. The project reported that users ' funds are safe. After confirming the information, community developers have taken the following preventive measures:: * Suspended Aave V2 Ethereum and some assets on...