Security News

Qualcomm has fixed three actively exploited vulnerabilities in its Adreno GPU and Compute DSP drivers. Vulnerabilities exploited in Qualcomm GPU and DSP drivers.

Google has released the October 2023 security updates for Android, addressing 54 unique vulnerabilities, including two known to be actively exploited. CVE-2023-4211 is an actively exploited flaw impacting multiple versions of Arm Mali GPU drivers used in a broad range of Android device models.

Chipmaker Qualcomm has released security updates to address 17 vulnerabilities in various components, while warning that three other zero-days have come under active exploitation. Of the 17 flaws,...

Qualcomm is warning of three zero-day vulnerabilities in its GPU and Compute DSP drivers that hackers are actively exploiting in attacks. Qualcomm says it has released security updates that address the issues in its Adreno GPU and Compute DSP drivers, and impacted OEMs were also notified.

Microsoft released emergency security updates for Edge, Teams, and Skype to patch two zero-day vulnerabilities in open-source libraries used by the three products. The libwebp library is used by a large number of projects for encoding and decoding images in the WebP format, including modern web browsers like Safari, Mozilla Firefox, Microsoft Edge, Opera, and the native Android web browsers, as well as popular apps like 1Password and Signal.

The US's Cybersecurity and Infrastructure Security Agency has added the latest actively exploited zero-day vulnerability affecting Google Chrome to its Known Exploited Vulnerabilities Catalog.With its addition to the KEV Catalog, CISA has effectively indicated that exploits for the vulnerability pose a "Significant risk to the federal enterprise," and agencies in the Federal Civilian Executive Branch have been set a three-week deadline of October 23 to apply the recommended fixes.

A vulnerability in the kernel drivers for several Mali GPUs "May be under limited, targeted exploitation," British semiconductor manufacturer Arm has confirmed on Monday, when it released drivers updated with patches. Arm's Mali GPUs are used on a variety devices, most prominently on Android phones by Google, Samsung, Huawei, Nokia, Xiaomi, Oppo, and other manufacturers.

Exim developers have released patches for three of the zero-days disclosed last week through Trend Micro's Zero Day Initiative, one of them allowing unauthenticated attackers to gain remote code execution. As Exim developer Heiko Schlittermann revealed on the Open Source Security mailing list on Friday, today's fixes were already "Available in a protected repository" and "Ready to be applied by the distribution maintainers."

Six zero-days in Exim, the most widely used mail transfer agent, have been revealed by Trend Micro's Zero Day Initiative last Wednesday. Due to what seems to be insufficient information and poor communication, fixes for only three of them have been included in Exim v4.96.1, a security release made available today.

The pitfalls of neglecting security ownership at the design stageIn this Help Net Security interview, Nima Baiati, Executive Director and GM, Commercial Cybersecurity Solutions at Lenovo, discusses the disconnect between development and security teams and how companies need to prioritize security and why utilizing a multi-layered strategy is the best way to secure above and below the OS. The hidden costs of neglecting cybersecurity for small businessesIn this Help Net Security interview, Raffaele Mautone, CEO of Judy Security, talks about the cybersecurity problems that small businesses face and the need for prioritization to save businesses from potential fines and damage to their brand reputation. Network Flight Simulator: Open-source adversary simulation toolNetwork Flight Simulator is a lightweight utility that generates malicious network traffic and helps security teams evaluate security controls and network visibility.