Browsing tag
Security researchers have disclosed an unpatched weakness in Microsoft Windows Platform Binary Table (WPBT) affecting all Windows-based devices since Windows 8 that could be potentially exploited to install a rootkit and compromise the integrity of devices. “These flaws make every Windows system vulnerable to easily-crafted attacks that install fraudulent vendor-specific tables,” researchers from Eclypsium said […]
VMware on Tuesday published a new bulletin warning of as many as 19 vulnerabilities in vCenter Server and Cloud Foundation appliances that a remote attacker could exploit to take control of an affected system. The most urgent among them is an arbitrary file upload vulnerability in the Analytics service (CVE-2021-22005) that impacts vCenter Server 6.7 […]
The shared clinical workstations in the healthcare sector are often chaotic and messy. They are used by physicians for nearly everything, from logging into the EHR system to scheduling surgery. With so much going on in such a fast-paced industry, IT teams need to be vigilant and aware of security risks. Risks of Sharing Clinical […]
A day after Apple and Google rolled out urgent security updates, Microsoft has pushed software fixes as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and Visual Studio, including an actively exploited zero-day in its MSHTML Platform that came to […]
Currently, there is no evidence that this particular Azure vulnerability was exploited to gain unauthorized access to customer data. In its newest blog post, Microsoft’s Security Response Center (MSRC) has warned Azure cloud computing users about a flaw in the system that allows hackers to access their data. RECENT: Hackers accessed primary keys of Azure’s Cosmos […]
Endpoint security threats are usually targeted towards corporate organizations but can often use private individuals to get inside these companies – Let’s dig deeper into what risk endpoint security threats possess. Keeping safe online is a constant battle, which is why it is so important to keep up to speed with the gravest threats facing […]
According to researchers, “This is the worst cloud vulnerability you can imagine.” A critical security vulnerability present in Microsoft’s Azure cloud computing database left the sensitive data of thousands of customers exposed. These customers included several Fortune 500 companies. The vulnerability existed in Microsoft Azure’s flagship database service Cosmos DB for approximately two years. The […]
A cybersecurity researcher has discovered a vulnerability in Razer Synapse software that lets anyone possessing Razer peripherals obtain administration rights on a Windows PC. Razer Synapse is a software that allows users to configure Windows hardware devices, set up macros and Chrome lighting effects, and map buttons. The company is a leader development of gaming accessories including […]
Braun Patched Faulty IV Pump After McAfee Discovered Vulnerability Allowing Medication Tampering. McAfee Enterprise’s Advanced Threat Research Team disclosed five unreported security vulnerabilities that existed in German healthcare giant B. Braun’s Infusomat Space Large Volume Pump and SpaceStation. SEE: Vulnerable infusion pumps can be accessed to change dosages Researchers reported that hackers could use these […]
Last year, we covered a research report which found out how projectors could be used to display virtual objects and fool self-driving cars. In the latest, we have another piece of research that deals with strikingly similar details but incorporating the trickery of Artificial Intelligence (AI) as a whole. Discovered by researchers Abhiram Gnanasambandam, Alex […]
Dubbed WifiDemon by researchers; the attack required the victim’s wifi to be set on auto-join which is by default in iPhones. Just about a month ago, a bug was discovered in Apple’s iPhone devices that disabled the WIFI functionality of the phone if it connected to a personal hotspot with a specific SSID containing a […]
If you are using Kaspersky Password Manager (KPM) for creating passwords, you might want to consider regenerating those you created before October 2019. According to Donjon, a security research team at Ledger passwords generated by KPM are so weak that it is easy to brute-force them. Researchers claim that they started analyzing Kaspersky’s password manager […]
Microsoft is urging customers to “install these updates immediately.” Last week, the IT security researchers at Sangfor revealed a critical 0-day vulnerability affecting the Windows Print Spooler service that helps PCs manage the flow of print jobs being sent to a printer or print server. Dubbed PrintNightmare (CVE-2021-1675) by researchers; Microsoft acknowledged the vulnerability however […]
Cybersecurity researchers at Berlin-based infosec company Positive Security have identified two serious zero-day vulnerabilities impacting Pling-based FOSS (free and open-source software) marketplaces for Linux. The vulnerabilities remain unpatched and can be exploited to launch supply-chain attacks or achieve RCE (remote code execution) against Linux marketplaces. The vulnerabilities were discovered in Opendesktop’s Pling. Positive Security’s co-founder […]
Experts reveal that the PetitPotam attack forces remote Windows servers such as Domain Controllers to validate a malicious destination. Microsoft has released an advisory on the newly identified Windows security flaw that allows attackers to take complete control of a Windows domain. Experts revealed that the vulnerability, dubbed PetitPotam, forces remote Windows servers such as […]
This chain of vulnerabilities is critical and has a cumulative CVSS score is 8.3/10. Eclypsium security researchers have discovered four major security vulnerabilities in Dell SupportAssist’s BIOSConnect feature. In their report, researchers revealed that the bugs could allow attackers to carry out remote code execution within the BIOS of affected devices. The cumulative CVSS score […]
Peloton workouts are susceptible to hacking leading to malware and spying, claims McAfee’s Advanced Threat Research team. According to their latest research, a vulnerability, classified as CVE-2021-3387, was discovered in the touchscreen of Peloton Bike+ and Tread+, allowing threat actors to control it remotely, without any involvement of the equipment’s operating system. SEE: Electronic Skateboards […]
Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances (ACI) services that could have been weaponized by a malicious actor “to access other customers’ information” in what the researchers described as the “first cross-account container takeover in the public cloud.” An attacker exploiting the weakness could execute malicious commands on other […]
A now-patched high-severity security vulnerability in WhatApp’s image filter feature could have been abused to send a malicious image over the messaging app to read sensitive information from the app’s memory. Tracked as CVE-2020-1910 (CVSS score: 7.8), the flaw concerns an out-of-bounds read/write and stems from applying specific image filters to a rogue image and […]
Cybersecurity researchers on Tuesday disclosed details about a zero-click security vulnerability in the Linphone Session Initiation Protocol (SIP) stack that could be remotely exploited without any action from a victim to crash the SIP client and cause a denial-of-service (DoS) condition. Tracked as CVE-2021-33056 (CVSS score: 7.5), the issue concerns a NULL pointer dereference vulnerability […]
Details have emerged about a now-patched security vulnerability impacting Microsoft Exchange Server that could be weaponized by an unauthenticated attacker to modify server configurations, thus leading to the disclosure of Personally Identifiable Information (PII). The issue, tracked as CVE-2021-33766 (CVSS score: 7.3) and coined “ProxyToken,” was discovered by Le Xuan Tuyen, a researcher at the […]