Android security: Flaw in an audio codec left two-thirds of smartphones at risk of snooping, say researchers

Millions of Android devices were vulnerable to a remote code execution attack due to flaws in an audio codec that Apple open-sourced years ago but which hasn’t been patched since. Researchers at Check Point discovered a bug in Apple Lossless Read More …

Oracle’s quarterly Critical Patch Update arrives with 520 fixes

Enterprise software giant Oracle has released its April Critical Patch Update (CPU) advisory, which includes 520 fixes for security flaws. Critical Patch Updates are collections of security fixes for Oracle products, published quarterly. This update addresses security flaws in dozens Read More …

Lenovo patches UEFI firmware vulnerabilities impacting millions of users

Lenovo has patched a trio of bugs that could be abused to perform UEFI attacks. Discovered by ESET researcher Martin Smolár, the vulnerabilities, assigned as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, could be exploited to “deploy and successfully execute UEFI malware either Read More …

AWS’s Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation

ollowing Log4Shell, AWS released several hot patch solutions that monitor for vulnerable Java applications and Java containers and patch them on the fly. Each solution suits a different environment, covering standalone servers, Kubernetes clusters, Elastic Container Service (ECS) clusters and Read More …

Coordinated Vulnerability Disclosure policies in the EU

Vulnerability disclosure has become the focus of attention of cybersecurity experts engaged in strengthening the cybersecurity resilience of the European Union. The valid source of concern comes from the cybersecurity threats looming behind vulnerabilities, as demonstrated by the impact of Read More …

CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware

Trend Micro Threat Research observed active exploitation of the Spring4Shell vulnerability assigned as CVE-2022-22965, which allows malicious actors to weaponize and execute the Mirai botnet malware. The exploitation allows threat actors to download the Mirai sample to the “/tmp” folder Read More …