Security News

Protect your Active Directory from these Password-based Vulnerabilities
2023-12-14 15:02

Tools like Specops Password Auditor are beneficial as they enable scanning and detection of weak passwords within AD, including those found in breached password lists. A third-party password solution that can enforce longer passwords, and block the use of high-probability passwords, is the best approach.

Google Using Clang Sanitizers to Protect Android Against Cellular Baseband Vulnerabilities
2023-12-13 13:15

Google is highlighting the role played by Clang sanitizers in hardening the security of the cellular baseband in the Android operating system and preventing specific kinds of vulnerabilities. This...

Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot
2023-12-07 21:36

Widespread Windows and Linux Vulnerabilities Could Let Attackers Sneak in Malicious Code Before Boot Lenovo, AMI and Insyde have released patches for LogoFAIL, an image library poisoning attack. Researchers at firmware supply chain security platform company Binarly discovered a set of security vulnerabilities that open almost all Windows and Linux computers up to attack.

Hacking the Human Mind: Exploiting Vulnerabilities in the 'First Line of Cyber Defense'
2023-12-07 11:44

Humans are complex beings with consciousness, emotions, and the capacity to act based on thoughts. In the ever-evolving realm of cybersecurity, humans consistently remain primary targets for...

Atlassian fixes four critical RCE vulnerabilities, patch quickly!
2023-12-06 14:51

Atlassian has released security updates for four critical vulnerabilities in its various offerings that could be exploited to execute arbitrary code. CVE-2022-1471 is a deserialization flaw in the SnakeYAML library for Java that can lead to remote code execution.

21 high-risk vulnerabilities in OT/IoT routers found
2023-12-06 09:40

Forescout detailed the discovery of 21 new vulnerabilities in OT/IoT routers and open-source software elements. The "SIERRA:21 - Living on the Edge" report features research into Sierra Wireless AirLink cellular routers and some open-source components, such as TinyXML and OpenNDS. Sierra Wireless routers are popular - an open database of Wi-Fi networks shows 245,000 networks worldwide running Sierra Wireless for various applications.

"Sierra:21" vulnerabilities impact critical infrastructure routers
2023-12-06 06:01

A set of 21 newly discovered vulnerabilities impact Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks. The flaws discovered by Forescout Vedere Labs affect Sierra Wireless AirLink cellular routers and open-source components like TinyXML and OpenNDS. AirLink routers are highly regarded in the field of industrial and mission-critical applications due to high-performance 3G/4G/5G and WiFi and multi-network connectivity.

Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks
2023-12-06 05:23

Chipmaker Qualcomm has released more information about three high-severity security flaws that it said came under "limited, targeted exploitation" back in October 2023. The vulnerabilities are as...

LogoFAIL: UEFI Vulnerabilities Expose Devices to Stealth Malware Attacks
2023-12-04 06:53

The Unified Extensible Firmware Interface (UEFI) code from various independent firmware/BIOS vendors (IBVs) has been found vulnerable to potential attacks through high-impact flaws in image...

Critical Zyxel NAS vulnerabilities patched, update quickly!
2023-12-01 11:21

Zyxel has patched six vulnerabilities affecting its network attached storage devices, including several command injection flaws that can be easily exploited by unauthenticated attackers. One of the six plugged security holes is an improper authentication vulnerability in the devices' authentication module, and may allow unauthenticated attackers to grab system information by sending a specially crafted URL to a vulnerable device.