Security News
Cybersecurity researchers have disclosed what they say is the "first native Spectre v2 exploit" against the Linux kernel on Intel systems that could be exploited to read sensitive data from the...
Hosting the Cybercrime Atlas in the World Economic Forum creates the space to experiment with how we enable disruption collaborations - giving the Cybercrime Atlas participants access to the expertise and ideas of the Forums' Partnership Against Cybercrime community. This was a turning point as it answered one of the first questions posed by the Cybercrime Atlas community: can we create new and actionable intelligence relying on open-source information and, by working collectively, can we build insights that match or exceed those created by the community members working in isolation? The answer to both of these questions is a resounding "Yes".
Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices.The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in November 2023. The issues were fixed by LG as part of updates released on March 22, 2024.
Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The...
Ivanti has fixed a critical RCE vulnerability in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre. The vulnerability affects all supported version of Ivanti Standalone Sentry as well as older, unsupported ones.
Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific...
Google's Gemini large language model (LLM) is susceptible to security threats that could cause it to divulge system prompts, generate harmful content, and carry out indirect injection attacks. The...
Security researchers have created a knowledge base repository for attack and defense techniques based on improperly setting up Microsoft's Configuration Manager, which could allow an attacker to execute payloads or become a domain controller. At the SO-CON security conference today, SpecterOps researchers Chris Thompson and Duane Michael announced the release of Misconfiguration Manager, a repository with attacks based on faulty MCM configurations that also provides resources for defenders to harden their security stance.
Details have emerged about a now-patched high-severity security flaw in Apple's Shortcuts app that could permit a shortcut to access sensitive information on the device without users' consent. The...
In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it. Researchers at watchTowr blogged today about not being credited with the discovery of CVE-2024-22024 - the latest in a series of vulnerabilities affecting Ivanti gateways as the vendor continues to develop patches for supported versions.