Security News
Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.
Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices.The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in November 2023. The issues were fixed by LG as part of updates released on March 22, 2024.
On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers' locations. The FCC has also asked carriers to detail any exploits of the protocols since 2018.
Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure, some of which could also lead to execution of arbitrary code or information disclosure. Three months since attackers started exploiting a string of zero-days in Ivanti Connect Secure and bypassing mitigations for them, the company's CEO has announced they will be accelerating security initiatives and improving security practices.
CISA and the FBI urged executives of technology manufacturing companies to prompt formal reviews of their organizations' software and implement mitigations to eliminate SQL injection security vulnerabilities before shipping.In SQL injection attacks, threat actors "Inject" maliciously crafted SQL queries into input fields or parameters used in database queries, exploiting vulnerabilities in the application's security to execute unintended SQL commands, such as exfiltrating, manipulating, or deleting sensitive data stored in the database.
NIST is currently working to establish a consortium to address challenges in the NVD program and develop improved tools and methods. That's a good thing, because a CVE without its NVD data is pretty meaningless.
GitHub introduced a new AI-powered feature capable of speeding up vulnerability fixes while coding. Known as Code Scanning Autofix and powered by GitHub Copilot and CodeQL, it helps deal with over 90% of alert types in JavaScript, Typescript, Java, and Python.
Arcserve has fixed critical security vulnerabilities in its Unified Data Protection solution that can be chained to upload malicious files to the underlying Windows system. Tenable researchers have published a PoC exploit script demonstrating the attack, as well as one for triggering a third flaw that can lead to denial of service.
Microsoft on Tuesday released its monthly security update, addressing 61 different security flaws spanning its software, including two critical issues impacting Windows Hyper-V that could lead to...
A financially motivated threat actor is using known vulnerabilities to target public-facing services and deliver custom malware to unpatched Windows and Linux systems. Magnet Goblin - as the threat actor has been dubbed by Check Point researchers - has been targeting unpatched edge devices and public-facing servers for years.