Security News

Intruders stayed for free on the network between 2014 and 2020 Marriott has agreed to pay a $52 million penalty and develop a comprehensive infosec program following a series of major data...

Multiple owners of Google Pixel 6 series phones have been reporting in the past week that their devices were "Bricked" after they performed a factory reset. The Pixel 6 series, released in late 2021, is approaching the typical upgrade cycle for many original buyers, and issues with the factory reset process have become significantly more impactful.

The threat resides in the chips' data memory-dependent prefetcher, a hardware optimization that predicts the memory addresses of data that running code is likely to access in the near future. The breakthrough of the new research is that it exposes a previously overlooked behavior of DMPs in Apple silicon: Sometimes they confuse memory content, such as key material, with the pointer value that is used to load other data.

A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations. Dubbed GoFetch, the vulnerability relates to a...

A group of academics has devised a novel side-channel attack dubbed iLeakage that exploits a weakness in the A- and M-series CPUs running on Apple iOS, iPadOS, and macOS devices, enabling the...

Ransomware - as readers here know only too well - is one of the biggest cybercrime challenges we collectively face today. That's why Sophos has spent has recently visited cities around the globe to dive deep into the real story behind ransomware.

Nine vulnerabilities - 4 of them critical - have been found in a variety of Cisco Small Business Series Switches. The remaining five vulnerabilities are high-risk, and allow attackers either to trigger denial of service or read unauthorized information on an affected device.

Cisco on Wednesday rolled out security updates to address a critical flaw impacting its IP Phone 6800, 7800, 7900, and 8800 Series products. The vulnerability, tracked as CVE-2023-20078, is rated 9.8 out of 10 on the CVSS scoring system and is described as a command injection bug in the web-based management interface arising due to insufficient validation of user-supplied input.

Cisco this week shipped patches to address a new round of critical security vulnerabilities affecting Expressway Series and Cisco TelePresence Video Communication Server that could be exploited by an attacker to gain elevated privileges and execute arbitrary code. "These vulnerabilities were found during internal security testing by Jason Crowder of the Cisco Advanced Security Initiatives Group," the company noted in its advisory published Wednesday.

Cisco has patched multiple critical security vulnerabilities impacting its RV Series routers that could be weaponized to elevate privileges and execute arbitrary code on affected systems, while also warning of the existence of proof-of-concept exploit code targeting some of these bugs. Three of the 15 flaws, tracked as CVE-2022-20699, CVE-2022-20700, and CVE-2022-20707, carry the highest CVSS rating of 10.0, and affect its Small Business RV160, RV260, RV340, and RV345 Series routers.