Security News

A vulnerability in the kernel drivers for several Mali GPUs "May be under limited, targeted exploitation," British semiconductor manufacturer Arm has confirmed on Monday, when it released drivers updated with patches. Arm's Mali GPUs are used on a variety devices, most prominently on Android phones by Google, Samsung, Huawei, Nokia, Xiaomi, Oppo, and other manufacturers.

Exim developers have released patches for three of the zero-days disclosed last week through Trend Micro's Zero Day Initiative, one of them allowing unauthenticated attackers to gain remote code execution. As Exim developer Heiko Schlittermann revealed on the Open Source Security mailing list on Friday, today's fixes were already "Available in a protected repository" and "Ready to be applied by the distribution maintainers."

Six zero-days in Exim, the most widely used mail transfer agent, have been revealed by Trend Micro's Zero Day Initiative last Wednesday. Due to what seems to be insufficient information and poor communication, fixes for only three of them have been included in Exim v4.96.1, a security release made available today.

The pitfalls of neglecting security ownership at the design stageIn this Help Net Security interview, Nima Baiati, Executive Director and GM, Commercial Cybersecurity Solutions at Lenovo, discusses the disconnect between development and security teams and how companies need to prioritize security and why utilizing a multi-layered strategy is the best way to secure above and below the OS. The hidden costs of neglecting cybersecurity for small businessesIn this Help Net Security interview, Raffaele Mautone, CEO of Judy Security, talks about the cybersecurity problems that small businesses face and the need for prioritization to save businesses from potential fines and damage to their brand reputation. Network Flight Simulator: Open-source adversary simulation toolNetwork Flight Simulator is a lightweight utility that generates malicious network traffic and helps security teams evaluate security controls and network visibility.

A critical zero-day vulnerability in all versions of Exim mail transfer agent software can let unauthenticated attackers gain remote code execution on Internet-exposed servers. MTA servers like Exim are highly vulnerable targets, primarily because they are often accessible via the Internet, serving as easy entry points for attackers into a target's network.

Google and Mozilla have patched a zero-day exploit in Chrome and Firefox, respectively. The zero-day exploit could leave users open to a heap buffer overflow, through which attackers could inject malicious code.

Cisco warned customers on Wednesday to patch a zero-day IOS and IOS XE software vulnerability targeted by attackers in the wild."An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker," Cisco explained in a security advisory published on Wednesday.

Google has fixed another critical zero-day vulnerability in Chrome that is being exploited in the wild. The vulnerability is caused by a heap buffer overflow in vp8 encoding in libvpx - a video codec library from Google and the Alliance for Open Media.

Google on Wednesday rolled out fixes to address a new actively exploited zero-day in the Chrome browser. Tracked as CVE-2023-5217, the high-severity vulnerability has been described as a...

Google has patched the fifth Chrome zero-day vulnerability exploited in attacks since the start of the year in emergency security updates released today. Today, Google TAG's Maddie Stone revealed that the CVE-2023-5217 zero-day vulnerability was exploited to install spyware.