vulnerabilities

  1. Teacher

    Ivanti in its death throes: how a series of critical vulnerabilities undermined the company's credibility

    The PoC for CVE-2024-21893 worsened the situation, with about 22,500 devices affected. The massive exploitation of a vulnerability in the Ivanti Connect Secure and Policy Secure servers, identified as CVE-2024-21893, is causing alarm among cybersecurity experts. This major flaw affects software...
  2. Brother

    17 vulnerabilities in Tor: results of the second security audit published

    Denial of service, outdated software: there is something to pay attention to. Tor published a report on the results of the second inspection carried out by Radically Open Security from April to August 2023. As part of the review, the code for ensuring the operation of exit nodes, the Tor...
  3. Brother

    DALL-E 3 operation is questionable: the model reveals vulnerabilities that Microsoft is silent about

    Problems in DALL-E 3 have raised fears of Shane Jones abusing the technology. The network is actively discussing the scandalous statement of a Microsoft manager about flaws in the DALL-E 3 security system from OpenAI. According to Shane Jones, the technology allows you to create violent and...
  4. Brother

    Vulnerabilities in Lamassu Douro crypto ATMs could be used to steal funds

    IOActive analysts have discovered three vulnerabilities in Lamassu Douro cryptocurrency ATMs. These issues allow an attacker with physical access to the device to gain full control of the ATM and steal user funds. The vulnerabilities have been identified as CVE-2024-0175, CVE-2024-0176 and...
  5. Brother

    Vulnerabilities in GitLab that allow account hijacking and execution of commands under another user

    Corrective updates to the platform for organizing collaborative development have been published - GitLab 16.7.2, 16.6.4 and 16.5.6, which eliminate two critical vulnerabilities. The first vulnerability (CVE-2023-7028), which is assigned the maximum severity level (10 out of 10), allows you to...
  6. Brother

    Hadoop and Flink become targets for cryptojacking: What vulnerabilities do attackers use to attack

    Aqua Security reveals weaknesses in popular Apache products. Cybersecurity researchers have discovered a new type of attack that exploits flaws in the configuration of Apache's Hadoop and Flink software to deploy cryptocurrency miners on target systems. "This attack is particularly...
  7. Brother

    Microsoft fixed 49 vulnerabilities in its products, including 12 RCEs

    January's Tuesday fixes provide users with reliable protection against hacking. Microsoft has released patches for 49 vulnerabilities, including 12 remote code execution vulnerabilities, as part of its monthly Patch Tuesday update cycle in January 2024. Of all the updates, only 2...
  8. Brother

    Full control over Apple, Adobe and Apache products: CISA reveals six vulnerabilities

    The agency called on government agencies to urgently update the software to avoid devastating cyber attacks. The U.S. Cybersecurity and Infrastructure Protection Agency (CISA) has updated its Known Exploited Vulnerability (KEV) catalog to include 6 vulnerabilities affecting Apple, Adobe...
  9. Brother

    Clang Code Sanitizer: Google fixes Cellular Vulnerabilities in Android

    Improving security in Android will lead to drastic changes in the codebase. Google is strengthening the protection of the Android operating system, focusing on cellular security and vulnerability prevention. For this purpose, Clang code analysis tools are used, in particular, Integer Overflow...
  10. Brother

    iOS 17.2 and iPadOS 17.2: Apple closed the next 10 vulnerabilities

    Users of the current Apple system are not afraid of hacker attacks — keep updating. On December 11, Apple released the iOS 17.2 and iPadOS 17.2 update, which, in addition to many new features, also includes important security fixes that make the Apple-branded system even more secure and...
  11. Brother

    0-day in Qualcomm: three vulnerabilities are used in targeted attacks on Android devices

    The problem was discovered back in October. What did you learn during this time? Qualcomm, a world-renowned chip manufacturer, has released additional information about three highly critical vulnerabilities in its products. The bugs, which became known back in October 2023, affect the Adreno...
  12. Brother

    21 vulnerabilities were discovered in Sierra Wireless routers, leading to a whole range of malicious actions

    Hackers have already targeted critical infrastructure, will they have time to implement their insidious plan? Security experts from Forescout Vedere Labs discovered a set of 21 vulnerabilities in OT / IoT routers of the Canadian company Sierra Wireless, which can lead to remote code execution...
  13. Brother

    Just three vulnerabilities in ownCloud hurt user security

    The developers gave recommendations for mitigating the consequences, so you should not delay applying them. Developers of the ownCloud open source software, used for syncing data and working together with files, warned on November 21 about three critical vulnerabilities that can be used to disclose...
  14. Carding 4 Carders

    Open vulnerabilities in NGINX threaten Kubernetes data security

    No fixes have been released yet. Who knows how many hackers managed to exploit the identified vulnerabilities. Cybersecurity experts have identified three uncorrected vulnerabilities of high criticality in the NGINX inbound traffic controller. Zero-day flaws can lead to leaks of credentials and...
  15. Carding 4 Carders

    Innovative fuzzer Cascade discovered 37 vulnerabilities in the RISC-V architecture

    Researchers from the Zurich Institute of Technology left hackers no chance. Scientists from the Swiss Institute of Technology ETH Zurich have developed a new fuzzer for detecting errors in RISC-V chips and used it to find more than three dozen flaws. Fuzzing is a technique in which random input...
  16. Carding 4 Carders

    Vulnerabilities in ConnectedIO routers opened hackers access to thousands of companies

    A planted agent in other people's networks will collect all the data and not even arouse suspicion. Several high-severity vulnerabilities were found in ConnectedIO ER2000 routers and the corresponding cloud management platform. Threats allow attackers to execute malicious code and gain access to...
  17. CarderPlanet

    Halfway passed: Exim has fixed 3 zero-day vulnerabilities, but you should not relax yet

    Many mail servers are still vulnerable to hacker attacks. The developers of Exim released fixes for three zero-day vulnerabilities discovered last week as part of the Zero Day Initiative (ZDI) program. One of them allowed attackers to execute code remotely without authentication. The most...
  18. CarderPlanet

    CISA adds a new star to its 'Hollywood' of vulnerabilities

    What else threatens federal systems? CISA has added a new entry to its Catalog of Known Exploited Vulnerabilities. A defect in the Red Hat JBoss RichFaces Framework - CVE-2023-14667, related to expression language injection. Cybercriminals use such flaws quite often, which poses a threat to...
  19. Carding

    Apple responds to threats: Emergency patches for three new zero-day vulnerabilities

    News for those who keep their finger on the pulse. Apple has released emergency security updates to address three new zero-day vulnerabilities that were exploited in attacks on iPhone and Mac users. This year, the company has already fixed 16 such vulnerabilities. Two bugs were found in the...
  20. Carding

    Apple and Google hid details of vulnerabilities: millions of devices at risk

    Critical vulnerabilities in companies' systems have put other developers' products at risk. According to a new report from the information security company Rezilion, recent reports from Apple and Google provided incomplete information about critical vulnerabilities that are actively exploited...