Security News

A new report from Google's Threat Analysis Group exposes the use of five different zero-day vulnerabilities targeting Chrome browser and Android operating systems. Google assesses with high confidence that these exploits have been packaged by a single commercial surveillance company named Cytrox.

Netgear has admitted that multiple security vulnerabilities in its business-grade BR200 and BR500 VPN routers can't be fixed due to technical limitations outside of their control, and is offering users a free or discounted replacement router. Netgear's BR200 and BR500 VPN routers are marketed as remote networking solutions for small to medium-size businesses and home offices, and provide features such as a site-2-site VPN connection, a firewall, remote configuration and monitoring, and more.

Security researchers are warning that external remote access services continue to be the main vector for ransomware gangs to breach company networks but there's a notable uptick in exploiting vulnerabilities. The cybersecurity company notes in a report today that last year ransomware gangs started to focus on multiple vulnerabilities in public-facing applications, and moved quickly to adding exploits for newly disclosed security issues.

A threat research from Cyber Security Works has revealed a 7.6% increase in ransomware vulnerabilities since the publication of the Ransomware Spotlight Report in January 2022. The top stats 22 new vulnerabilities and nine new weaknesses have been associated with ransomware since January 2022; of the 22, a whopping 21 are considered of critical or high risk severity.

VMware has issued patches to contain two security flaws impacting Workspace ONE Access, Identity Manager, and vRealize Automation that could be exploited to backdoor enterprise networks. The first of the two flaws, tracked as CVE-2022-22972, concerns an authentication bypass that could enable an actor with network access to the UI to gain administrative access without prior authentication.

Most advanced persistent threat groups use known vulnerabilities in their attacks against organizations, suggesting the need to prioritize faster patching rather than chasing zero-day flaws as a more effective security strategy, new research has found. One belief the research debunked is that all APTs are highly sophisticated and prefer attacking zero-day flaws rather than ones that have already been patched.

Vulnerabilities found in Bluetooth Low Energy gives hackers access to numerous devices. A critical flaw found in Bluetooth Low Energy receivers may grant cyber criminals entry to anything from personal devices, such as phones or laptops, to even cars and houses.

NVIDIA has released a security update for a wide range of graphics card models, addressing four high-severity and six medium-severity vulnerabilities in its GPU drivers. The security update fixes vulnerabilities that can lead to denial of service, information disclosure, elevation of privileges, code execution, etc.

Two high-severity security vulnerabilities, which went undetected for several years, have been discovered in a legitimate driver that's part of Avast and AVG antivirus solutions. "These vulnerabilities allow attackers to escalate privileges enabling them to disable security products, overwrite system components, corrupt the operating system, or perform malicious operations unimpeded," SentinelOne researcher Kasif Dekel said in a report shared with The Hacker News.

In this video for Help Net Security, Shani Dodge Reiner, Development Team Leader at Vicarius, explains how to identify vulnerabilities using the NMAP tool. NMAP is a very powerful and popular tool for network mapping.