Security News

Anker's central smart home device hub, Eufy Homebase 2, was vulnerable to three vulnerabilities, one of which is a critical remote code execution flaw. Homebase 2 is the video storage and networking gateway for all Anker's Eufy smart home devices, including video doorbells, indoor security cameras, smart locks, alarm systems, and more.

Citrix warned customers to deploy security updates that address a critical Citrix Application Delivery Management vulnerability that can let attackers reset admin passwords. Citrix ADM is a web-based solution that provides admins with a centralized cloud-based console for managing on-premises or cloud Citrix deployments, including Citrix Application Delivery Controller, Citrix Gateway, and Citrix Secure Web Gateway.

As many as eight zero-day vulnerabilities have been disclosed in Carrier's LenelS2 HID Mercury access control system that's used widely in healthcare, education, transportation, and government facilities. "The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and lock doors, subvert alarms and undermine logging and notification systems," Trellix security researchers Steve Povolny and Sam Quinn said in a report shared with The Hacker News.

The report found that 85% of IT security professionals have experienced preventable business impacts resulting from insufficient response procedures, while 97% said that more accurate alerting would increase their confidence in automating threat response actions. "Modern security operations centers should be equipped with high-fidelity alerts, that include proper contextualization and correlation to provide as clear of a picture of the threat as possible. Not only does that enable analysts to work better, but it also unlocks the ability to implement automated response actions that stop threats with speed and precision. The key is confidence in the detection."

The three reports link the most prominent security trends and paint an accurate map of the modern attack landscape. An up-to-date analysis of ransomware attack trends highlight the risks and suggest mitigation, while an analysis of Web app and API attack trends offers a fresh look at the infection vectors used by ransomware operators and others.

Several botnets are now using exploits targeting a critical remote code execution vulnerability to infect Linux servers running unpatched Atlassian Confluence Server and Data Center installs. After proof-of-concept exploits were published online, cybersecurity firm GreyNoise said it detected an almost ten-fold increase in active exploitation, from 23 IP addresses attempting to exploit it to more than 200.

Google has released the June 2022 security updates for Android devices running OS versions 10, 11, and 12, fixing 41 vulnerabilities, five rated critical. The security update is separated into two levels, released on June 1 and June 5.

Cybersecurity researchers have disclosed two unpatched security vulnerabilities in the open-source U-Boot boot loader. The issues, which were uncovered in the IP defragmentation algorithm implemented in U-Boot by NCC Group, could be abused to achieve arbitrary out-of-bounds write and denial-of-service.

The U.S. Cybersecurity and Infrastructure Security Agency and Food and Drug Administration have issued an advisory about critical security vulnerabilities in Illumina's next-generation sequencing software. The issues impact software in medical devices used for "Clinical diagnostic use in sequencing a person's DNA or testing for various genetic conditions, or for research use only," according to the FDA. "Successful exploitation of these vulnerabilities may allow an unauthenticated malicious actor to take control of the affected product remotely and take any action at the operating system level," CISA said in an alert.

A critical security flaw has been uncovered in UNISOC's smartphone chipset that could be potentially weaponized to disrupt a smartphone's radio communications through a malformed packet. "Left unpatched, a hacker or a military unit can leverage such a vulnerability to neutralize communications in a specific location," Israeli cybersecurity company Check Point said in a report shared with The Hacker News.