Security News

Mobile robot maker Aethon has fixed a series of vulnerabilities in its Tug hospital robots that, if exploited, could allow a cybercriminal to remotely control thousands of medical machines. Cynerio did find "Several" hospitals in the US and globally that were using the internet-connected robots, and in each of these cases the researchers could exploit the vulns to remotely control the robots from the Cynerio Live research lab.

Researchers have disclosed a previously undocumented local file inclusion vulnerability in Hashnode, a developer-oriented blogging platform, that could be abused to access sensitive data such as SSH keys, server's IP address, and other network information. "The LFI originates in a Bulk Markdown Import feature that can be manipulated to provide attackers with unimpeded ability to download local files from Hashnode's server," Akamai researchers said in a report shared with The Hacker News.

To create lists you need to add special tags at the start and end of the list, and then special tags at the start and end of each item, which makes proofreading harder than it needs to be, like this. Worse, your marked-up text only works on websites, or in browser-like windows, so you need a plethora of conversion tools anyway if you also want to render your documents into plain ASCII, or some other widely-used format such as PDF, RTF or DOCX. Worst, not all HTML markup can readily be converted into other formats, so you need to remember which HTML constructs you're not allowed to use, in case you end up with a document where most, but not all, of the content can be rendered in other types of file.

An XM Cyber report reveals the security gaps and hygiene issues that exist in multiple attack paths across on-prem and cloud environments, demonstrating the importance of risk visibility across the entire network. Organizations today are increasingly investing in new technology to boost their business, but don't realize that, since these technologies are all connected, they pose a great risk to critical assets.

The XM Cyber research team analyzed the methods, attack paths and impacts of attack techniques that imperil critical assets across on-prem, multi-cloud and hybrid environments. They fail to show how these seemingly unrelated issues form hidden attack paths that hackers can use to pivot through a hybrid cloud environment and compromise critical assets.

VMware has released security updates to patch eight vulnerabilities spanning its products, some of which could be exploited to launch remote code execution attacks. Credited with reporting all the vulnerabilities is Steven Seeley of Qihoo 360 Vulnerability Research Institute.

VMware has warned customers to immediately patch critical vulnerabilities in multiple products that threat actors could use to launch remote code execution attacks. "This critical vulnerability should be patched or mitigated immediately per the instructions in VMSA-2021-0011. The ramifications of this vulnerability are serious," VMware warned on Wednesday.

Apple last week patched two actively exploited vulnerabilities in macOS Monterey yet has left users of older supported versions of its desktop operating system unprotected. In a blog post on Tuesday, security biz Intego said fixes applied to address CVE-2022-22675 and CVE-2022-22674 in macOS Monterey were not backported to macOS Big Sur or macOS Catalina.

Fortinet's partnership with AWS ensures your workloads and applications on AWS are protected by best-in-class security solutions. With simplified security management, full visibility across environments, and broad, comprehensive protection, gain the ultimate flexibility and control you need to build in the cloud.

The U.S. Cybersecurity and Infrastructure Security Agency on Monday added the recently disclosed remote code execution vulnerability affecting the Spring Framework, to its Known Exploited Vulnerabilities Catalog based on "Evidence of active exploitation." The critical severity flaw, assigned the identifier CVE-2022-22965 and dubbed "Spring4Shell", impacts Spring model-view-controller and Spring WebFlux applications running on Java Development Kit 9 and later.