Security News
Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system. The three flaws,...
The number of Microsoft vulnerabilities has mostly flattened in 2023, with elevation of privilege and identity attacks being particularly common, according to BeyondTrust's annual Microsoft Vulnerabilities report. The total number of Microsoft vulnerabilities has remained mostly steady for the past four years, with a slight dip in 2023 from 1,292 to 1,228 reported vulnerabilities.
The GPT-4 large language model from OpenAI can exploit real-world vulnerabilities without human intervention, a new study by University of Illinois Urbana-Champaign researchers has found. How successful is GPT-4 at autonomously detecting and exploiting vulnerabilities? GPT-4 can autonomously exploit one-day vulnerabilities.
A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments. Cisco Talos, which dubbed...
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices.The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in November 2023. The issues were fixed by LG as part of updates released on March 22, 2024.
On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers' locations. The FCC has also asked carriers to detail any exploits of the protocols since 2018.
Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure, some of which could also lead to execution of arbitrary code or information disclosure. Three months since attackers started exploiting a string of zero-days in Ivanti Connect Secure and bypassing mitigations for them, the company's CEO has announced they will be accelerating security initiatives and improving security practices.
CISA and the FBI urged executives of technology manufacturing companies to prompt formal reviews of their organizations' software and implement mitigations to eliminate SQL injection security vulnerabilities before shipping.In SQL injection attacks, threat actors "Inject" maliciously crafted SQL queries into input fields or parameters used in database queries, exploiting vulnerabilities in the application's security to execute unintended SQL commands, such as exfiltrating, manipulating, or deleting sensitive data stored in the database.
NIST is currently working to establish a consortium to address challenges in the NVD program and develop improved tools and methods. That's a good thing, because a CVE without its NVD data is pretty meaningless.