News • Insights • Analysis
Russian Foreign Intelligence Service (SVR) operators have switched their attacks to target new vulnerabilities in reaction to US govt advisories published last month with info on SVR tactics, tools, techniques, and capabilities used in ongoing attacks. The warning comes after Read More …
The US Department of Defense (DOD) has significantly expanded its bug bounty program to all publicly accessible information systems, including not just websites but also networks, frequency-based communication, Internet of Things, and industrial control systems. The DoD bug bounty, which Read More …
Technical documentation and proof-of-concept exploit (PoC) code is available for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines. The flaw is for one of the four that the National Security Agency Read More …
Apple on Monday released iOS 14.5.1 and iPadOS 14.5.1 for its iPhone and iPad lineup. The update comes just a week after iOS 14.5 and iPadOS 14.5 were officially released, but there’s a good reason for the back-to-back updates: It Read More …
Hewlett Packard Enterprise (HPE) is urging customers to patch one of its premier edge application management tools that could allow an attacker to carry out a remote authentication bypass attack and infiltrate a customer’s cloud infrastructure. Rated critical, with a Read More …
The security research group for Azure Defender for IoT, dubbed Section 52, has found a batch of bad memory allocation operations in code used in Internet of Things and operational technology (OT) such as industrial control systems that could lead Read More …
An information-disclosure security vulnerability has been discovered in the Linux kernel, which can be exploited to expose information in the kernel stack memory of vulnerable devices. Specifically, the bug (CVE-2020-28588) exists in the /proc/pid/syscall functionality of 32-bit ARM devices running Read More …
Apple has fixed a zero-day vulnerability in macOS exploited in the wild by Shlayer malware to bypass Apple’s File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads. Shlayer’s creators have managed to get their malicious payloads through Read More …
Nvidia has disclosed a group of security vulnerabilities in the Nvidia graphics processing unit (GPU) display driver, which could subject gamers and others to privilege-escalation attacks, arbitrary code execution, denial of service (DoS) and information disclosure. Meanwhile, the Nvidia virtual Read More …
US-Japanese cybersecurity firm Trend Micro disclosed on Wednesday that a threat actor began using a bug in its antivirus products to gain admin rights on Windows systems as part of its attacks. The vulnerability, tracked as CVE-2020-24557, affects the company’s Read More …
