Security News
Intel has published a fix for a potential vulnerability that affected some Intel processors. On Nov. 14, Intel addressed the potential flaw in a variety of processors.
For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established. The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection.
Intel has released fixes to close out a high-severity flaw codenamed Reptar that impacts its desktop, mobile, and server CPUs. Tracked as CVE-2023-23583 (CVSS score: 8.8), the issue has the...
VMware is warning of a critical and unpatched security flaw in Cloud Director that could be exploited by a malicious actor to get around authentication protections. Tracked as CVE-2023-34060 (CVSS...
A group of academics has disclosed a new "software fault attack" on AMD's Secure Encrypted Virtualization (SEV) technology that could be potentially exploited by threat actors to infiltrate...
A new backdoor was this week found implanted in the environments of organizations to exploit the recently disclosed critical vulnerability in Atlassian Confluence. The backdoor provides attackers remote access to a victim, both its Confluence server and other network resources, and is found to persist even after Confluence patches are applied.
SysAid has patched a zero-day vulnerability that could allow attackers to exfiltrate data and launch ransomware. The vulnerability was exploited by the threat group Lace Tempest, which distributes the Clop malware, Microsoft Threat Intelligence said on Nov. 8 on X. The Microsoft security experts wrote, in part, "Lace Tempest will likely use their access to exfiltrate data and deploy Clop ransomware."
The threat actor known as Lace Tempest has been linked to the exploitation of a zero-day flaw in SysAid IT support software in limited attacks, according to new findings from Microsoft. It has been patched by SysAid in version 23.3.36 of the software.
Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are made available, Aqua Security researchers worry. "Half-day" vulnerabilities are known to the maintainer and information about them is publicly exposed on GitHub or the National Vulnerability Database, but there's still no official fix.
The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday added a high-severity flaw in the Service Location Protocol to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. Tracked as CVE-2023-29552, the issue relates to a denial-of-service vulnerability that could be weaponized to launch massive DoS amplification attacks.