Recently, Lenovo released security patches for the CVE-2017-3775 high-severity vulnerability in the Secure Boot function on System x servers. Information security researchers commented that standard operator settings disable signature verification, as a result, Server x BIOS / UEFI versions do not authenticate the signed code correctly before starting it. “In Lenovo’s internal tests they found that […]
Pretty Good Privacy (PGP) and S/MIME Email encryption are affecting the users and it has been found that a new set of vulnerabilities is affecting the users. This encryption is widely used for security and transmits data over the network PGP and S/MIME Email encryption is the widely used standard that developed to securely transmit the […]
A team of information security experts released a warning about a group of vulnerabilities that affect users of PGP and S / MIME. EFF kept in communication with the research group and can confirm that the vulnerabilities present an immediate risk for the users of these tools in the communication by email. The details will be published […]
LG recently patched two critical vulnerabilities on the default keyboard of all its smartphones, including flagship phones; the vulnerabilities could have been used to execute code remotely with elevated privileges, commented information securityprofessionals. This update of LG includes the solution for a serious problem of Android, from Google. The first error has to do with the […]
Companies involved in the manufacture of CPU chips are facing a new wave of Spectre speculative execution vulnerabilities, which could be revealed during this week, a German technology company reported. According to the group of information security experts, it has been confirmed that the eight defects affect the CPUs manufactured by Intel Corporation, and likewise could affect […]
Security Researchers discovered 8 new Spectre level critical Vulnerabilities in Intel CPU’s which is named as “Spectre Next Generation (Spectre-NG)” and each has their own CVE & Patches. Previously discovered highly critical vulnerabilities Spectre and Meltdown have been made a huge impact in IT sectors. Spectre and Meltdown flaw allow an attacker to steal the data […]
Abbott has recalled around 350,000 implantable defibrillators for firmware upgrading because these devices are identified to be containing life-threatening flaws and vulnerable to exploitation. The company, formerly known as St. Jude Medical, has recalled such a huge number of devices to patch the flaw and protect patients from putting their lives in danger through hacked […]
SamSam Ransomware newly evolved with improved sophisticated capabilities and carefully selected the specific organizations such as hospitals, schools, and government sectors those who most likely to pay the ransom amount to get their data back. Unlike other Ransomware, SamSam trying to exploiting the critical vulnerabilities in target organization network instead of using wide spreading Spam […]
Recently, researchers found that millions of electronic locks installed in hotel rooms are vulnerable to attack. The information security researchers commented that the vulnerabilities found in the computer software meant that they could create “master keys” that opened the rooms without leaving an activity log. F-Secure’s research team said it had worked with the locksmith over the […]
An information security expert explains that Grouper is an unstable PowerShell module designed for use by pentesters and redteamers that filters the XML output of the Get-GPOReport cmdlet and identifies all the settings defined in the GPO group policy objects that may be useful for someone who tries to do something bad. Here are some examples of […]
Abbott, the leading manufacturer of medical devices, releases a firmware upgrade that would fix cyber security vulnerabilities in certain cardiac devices. Health Data Management reports- “Medical device manufacturer Abbott has released a firmware upgrade to fix cybersecurity vulnerabilities in certain radio frequency-enabled implantable cardioverter defibrillators and cardiac resynchronization therapy defibrillators.” The FDA ( Food and […]
So far, researchers have uncovered how web trackers exfiltrate identifying information from web pages, browser password managers, and form inputs. Now, the information security experts report yet another type of surreptitious data collection by third-party scripts that we discovered: the exfiltration of personal identifiers from websites through “login with Facebook” and other such social login […]
Serious Vulnerabilities Identified in Austrian Ski Lifts Control System Can Disrupt its Operations- Researchers Claim. The impact of last year’s hack attack on the internal network of Romantik Seehotel Jaegerwirt, the famous 111-year-old 4-star Austrian hotel, is still far from over. In that particular incident guests at the hotel couldn’t enter their rooms because the […]
Just because Android tells you it’s patched and everything is safe doesn’t mean it is. But there’s an app to help you determine if you’re being told the truth. It seems that some Android smartphone makers are lying to users about the patch status of their devices, telling them that they’re up-to-date when they aren’t. Here’s […]
The first round of security updates released in 2018 for OpenSSL patch a total of three vulnerabilities, but none of them appears to be serious, information security training professionals said. OpenSSL versions 1.1.0h and 1.0.2o patch CVE-2018-0739, a denial-of-service (DoS) vulnerability discovered using Google’s OSS-Fuzz service, which has helped find several flaws in OpenSSL in the past […]
GitHub security alerts significantly reduced the time it takes for developers to remove vulnerabilities from their Ruby and JavaScript projects, says GitHub. GitHub’s security alerts notify repository admins when library vulnerabilities from the Common Vulnerabilities and Exposures (CVEs) list are detected in their repositories. CVE is a list of entries—each containing identification number, a description, […]
Cryptocurrency wallet manufacturer Ledger claims to offer foolproof hardware wallet for storing cryptocurrencies, but a 15-year-old programmer named Saleem Rashid managed to hack into the Ledger Nano S. In his post, Rashid discussed the vulnerabilities of the Ledger’s $100 hardware wallet caused by the use of custom architecture. He explained that a flaw in the wallet allowed […]
AMD finalized its investigation on the vulnerabilities recently discovered by CTS Labs and announced that security patches will be released soon. AMD acknowledged 13 critical vulnerabilities and exploitable backdoors in its Ryzen and EPYC processors that were first disclosed earlier March by the information security training researchers at the firm CTS Labs. The CTS Labs researchers did […]
The detection of serious CPU vulnerabilities called Spectre and Meltdown shook the tech community in first’s months of 2018. Although the gravity of damage has been controlled considerably still there is room for mitigation. Perhaps that’s the reason why Microsoft has decided to roll out new bug bounty program which will focus on discovering speculative […]
Linus Torvalds doesn’t take anything that’s being hyped and made bigger than what it is. In a Google+ thread, he slammed the Israel-based security company CTS Labs by calling their security advisory a “garbage”. Just a couple of days back, CTS researchers exposed more than a dozen ‘critical’ vulnerabilities in AMD chips marketed under the brand […]
CTS Labs’ researchers have warned that if you’re running an AMD Ryzen, Ryzen Pro, Ryzen Mobile or EPYC processor on your computer then you might be at risk. It is also reported that the chips contain backdoors that could be used by attackers to exploit target devices. In what the researchers have called a ‘severe […]