Security News

Researchers Uncover First Native Spectre v2 Exploit Against Linux Kernel
2024-04-10 09:26

Cybersecurity researchers have disclosed what they say is the "first native Spectre v2 exploit" against the Linux kernel on Intel systems that could be exploited to read sensitive data from the...

WEF Cybercrime Atlas: Researchers are creating new insights to fight cybercrime
2024-04-10 04:30

Hosting the Cybercrime Atlas in the World Economic Forum creates the space to experiment with how we enable disruption collaborations - giving the Cybercrime Atlas participants access to the expertise and ideas of the Forums' Partnership Against Cybercrime community. This was a turning point as it answered one of the first questions posed by the Cybercrime Atlas community: can we create new and actionable intelligence relying on open-source information and, by working collectively, can we build insights that match or exceed those created by the community members working in isolation? The answer to both of these questions is a resounding "Yes".

Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access
2024-04-09 13:05

Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices.The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in November 2023. The issues were fixed by LG as part of updates released on March 22, 2024.

Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws
2024-04-05 07:15

Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances (CVE-2023-46805, CVE-2024-21887, and CVE-2024-21893). The...

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724)
2024-03-20 18:47

Ivanti has fixed a critical RCE vulnerability in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre. The vulnerability affects all supported version of Ivanti Standalone Sentry as well as older, unsupported ones.

Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover
2024-03-14 11:59

Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific...

Researchers Highlight Google's Gemini AI Susceptibility to LLM Threats
2024-03-13 10:14

Google's Gemini large language model (LLM) is susceptible to security threats that could cause it to divulge system prompts, generate harmful content, and carry out indirect injection attacks. The...

Researchers expose Microsoft SCCM misconfigs usable in cyberattacks
2024-03-11 19:15

Security researchers have created a knowledge base repository for attack and defense techniques based on improperly setting up Microsoft's Configuration Manager, which could allow an attacker to execute payloads or become a domain controller. At the SO-CON security conference today, SpecterOps researchers Chris Thompson and Duane Michael announced the release of Misconfiguration Manager, a repository with attacks based on faulty MCM configurations that also provides resources for defenders to harden their security stance.

Researchers Detail Apple's Recent Zero-Click Shortcuts Vulnerability
2024-02-23 05:05

Details have emerged about a now-patched high-severity security flaw in Apple's Shortcuts app that could permit a shortcut to access sensitive information on the device without users' consent. The...

Ivanti discloses fifth vulnerability, doesn't credit researchers who found it
2024-02-09 21:30

In disclosing yet another vulnerability in its Connect Secure, Policy Secure, and ZTA gateways, Ivanti has confused the third-party researchers who discovered it. Researchers at watchTowr blogged today about not being credited with the discovery of CVE-2024-22024 - the latest in a series of vulnerabilities affecting Ivanti gateways as the vendor continues to develop patches for supported versions.