Security News

Researchers today published details about a suite of 13 vulnerabilities in the Nucleus real-time operating system from Siemens that powers devices used in the medical, industrial, automotive, and aerospace sectors. Dubbed NUCLEUS:13, the set of flaws affect the Nucleus TCP/IP stack and could be leveraged to obtain remote code execution on vulnerable devices, create a denial-of-service condition, or obtain info that could lead to damaging consequences.

The U.S. Cybersecurity and Infrastructure Security Agency is warning of critical vulnerabilities affecting Philips Tasy electronic medical records system that could be exploited by remote threat actors to extract sensitive patient data from patient databases. "Successful exploitation of these vulnerabilities could result in patients' confidential data being exposed or extracted from Tasy's database, give unauthorized access, or create a denial-of-service condition," CISA said in a medical bulletin issued on November 4.

Cybersecurity researchers have disclosed a security flaw in the Linux Kernel's Transparent Inter Process Communication module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. Tracked as CVE-2021-43267, the heap overflow vulnerability "Can be exploited locally or remotely within a network to gain kernel privileges, and would allow an attacker to compromise the entire system," cybersecurity firm SentinelOne said in a report published today and shared with The Hacker News.

Cybersecurity researchers have disclosed a security flaw in the Linux Kernel's Transparent Inter Process Communication module that could potentially be leveraged both locally as well as remotely to execute arbitrary code within the kernel and take control of vulnerable machines. The heap overflow vulnerability "Can be exploited locally or remotely within a network to gain kernel privileges, and would allow an attacker to compromise the entire system," cybersecurity firm SentinelOne said in a report published today and shared with The Hacker News.

According to SentinelOne's SentinelLabs, the bug in question specifically resides in a message type that allows nodes to send cryptographic keys to each other. According to the researcher, that common header contains a "Header size" allocation, which is the actual header size shifted to the right by two bits; and a "Message size" allocation that is equal to the length of the entire TIPC message.

Ransomware attacks on industrial environments have increased by 500 per cent in three years, and it's unlikely the criminals responsible are going to slow down anytime soon. If cyber-attackers are smart, is it possible to beat them with something even smarter? Something like AI? And is it possible to predict what the next wave of attacks will look like and prepare now?

A critical unauthenticated, remote code execution GitLab flaw fixed on April 14, 2021, remains exploitable, with over 50% of deployments remaining unpatched. Hackers first started exploiting internet-facing GitLab servers in June 2021 to create new users and give them admin rights.

Multiple vulnerabilities have been disclosed in Hitachi Vantara's Pentaho Business Analytics software that could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the underlying host system of the application. Pentaho is a Java-based business intelligence platform that offers data integration, analytics, online analytical processing, and mining capabilities, and counts major companies and organizations like Bell, CERN, Cipal, Logitech, Nasdaq, Telefonica, Teradata, and the National September 11 Memorial and Museum among its customers.

Out of 92 security vulnerabilities, 66 are rated critical in severity, mostly allowing code execution. Adobe has dropped a mammoth out-of-band security update this week, addressing 92 vulnerabilities across 14 products.

Apple lovers who haven't yet updated to iOS 15, you may want to pop into Settings to freshen up your iPhone now: Apple has released several critical security updates that might light a fire under your britches. On Monday and Tuesday, Apple released iOS 14.8.1, iPadOS 14.8.1, watchOS 8.1 and tvOS 15.1, patching 24 CVEs in total.