News • Insights • Analysis
Months on from a critical zero-day vulnerability being disclosed in the widely-used Java logging library Apache Log4j, a significant number of applications and servers are still vulnerable to cyberattacks because security patches haven’t been applied. First detailed in December, the Read More …
CISA, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), the Australian Cyber Security Centre (ACSC), the Canadian Centre for Cyber Security (CCCS), the New Zealand National Cyber Security Centre (NZ NCSC), and the United Kingdom’s National Cyber Read More …
Millions of Android devices were vulnerable to a remote code execution attack due to flaws in an audio codec that Apple open-sourced years ago but which hasn’t been patched since. Researchers at Check Point discovered a bug in Apple Lossless Read More …
Security analysts have found that Android devices running on Qualcomm and MediaTek chipsets were vulnerable to remote code execution due to a flaw in the implementation of the Apple Lossless Audio Codec (ALAC). ALAC is an audio coding format for Read More …
Enterprise software giant Oracle has released its April Critical Patch Update (CPU) advisory, which includes 520 fixes for security flaws. Critical Patch Updates are collections of security fixes for Oracle products, published quarterly. This update addresses security flaws in dozens Read More …
Lenovo has patched a trio of bugs that could be abused to perform UEFI attacks. Discovered by ESET researcher Martin Smolár, the vulnerabilities, assigned as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, could be exploited to “deploy and successfully execute UEFI malware either Read More …
ollowing Log4Shell, AWS released several hot patch solutions that monitor for vulnerable Java applications and Java containers and patch them on the fly. Each solution suits a different environment, covering standalone servers, Kubernetes clusters, Elastic Container Service (ECS) clusters and Read More …
Google is issuing fixes for two vulnerabilities in its Chrome web browser, including one flaw that is already being exploited in the wild. The emergency updates the company issued this week impact the almost three billion users of its Chrome Read More …
Vulnerability disclosure has become the focus of attention of cybersecurity experts engaged in strengthening the cybersecurity resilience of the European Union. The valid source of concern comes from the cybersecurity threats looming behind vulnerabilities, as demonstrated by the impact of Read More …
A decade ago security researcher Barnaby Jack famously wirelessly hacked a hospital insulin pump live on stage in front of hundreds of people to demonstrate how easily it could be compromised to deliver a lethal dose of medication. In the Read More …
