Dell devices contain four high-severity security flaws that could allow remote attackers to carry out arbitrary code execution in the pre-boot environment of the devices. The vulnerabilities affect 30 million individual Dell endpoints, Eclypsium researchers discovered. The said vulnerabilities are…
Researchers from Positive Security discovered an unpatched stored cross-site-scripting (XSS) flaw impacting Linux marketplaces. The vulnerability creates the possibility of unchecked, wormable supply-chain attacks. Affected are Pling-based marketplaces, such as AppImage Hub, Gnome-Look, KDE Discover App Store, Pling.com, and XFCE-Look.…
Security researchers discovered a vulnerability, CVE-2021-33515, in the underlying technology deployed by most email servers running the IMAP protocol (Internet Message Access Protocol). The vulnerability has been around for at least a year, allowing attackers to bypass TLS email protections…
If you are using the Tor Browser, you should get the latest update immediately. Tor Browser 10.0.18 fixes a series of issues, one of which is a vulnerability that could allow sites to track users by fingerprinting their installed apps.…
DarkRadiation is a new ransomware that targets Linux and Docker cloud containers. Coded in Bash, the ransomware targets specifically Red Hat/CentOS and Debian Linux distributions, according to Trend Micro’s research. Related: Previously Undetected RotaJakiro Malware Targets Linux X64 Systems For…
How effective are Android anti-virus applications? A new research sheds light on how popular AV programs for Android fail to secure devices against various malware permutations. “The number of Android malware variants (clones) are on the rise and, to stop…
Apple’s iOS is prone to a wireless networking naming issue that can disable an iPhone’s ability to connect to a Wi-Fi network. Discovered by senior security engineer at Ant Financial Light-Year Security Labs Carl Schou, the bug can permanently disable…
Google is working on a solution to help mitigate the increasing number of software supply chain attacks. What Is Supply Chain Levels for Software Artifacts (SLSA)? Called Supply Chain Levels for Software Artifacts, or SLSA for short, the solution is…
Security researchers discovered a new malicious technique that helps malware achieve evasion on an infected system. Called Process Ghosting, the technique could be exploited by a threat actor to bypass security protections and run malicious code on a Windows system.…
Security researchers recently discovered a vulnerability in Linux systemd’s polkit. Identified as CVE-2021-3560, the flaw appears to have been around for at least seven years. Since polkit is used in many Linux distributions, the impact of the vulnerability should not…
A new CISA advisory warns about a critical software supply-chain vulnerability affecting ThroughTek’s SDK (software development kit). The flaw, identified as CVE-2021-32934 could be abused to gain improper access to audio and video streams. Other compromise scenarios include spoofing vulnerable…
To the attention of Apple users – the company recently released out-of-band-security patches addressing two-zero days in iOS 12.5.3. The vulnerabilities may have been exploited in the wild, so patch your devices immediately. iOS 12.5.4 Fixes Three Bugs: CVE-2021-30737, CVE-2021-30761,…
A large-scale data breach has affected one of Volkswagen’s vendors, exposing personal details of 3.3 million customers. The vendor left one of its systems open for two years, between August 2019 and May 2021. Volkswagen Data Breach: What Happened? “On…
According to a new Google announcement, the search giant is rolling out client-side encryption for its Google Workspace, previously known as G Suite. The new addition synchronizes with Google Workspace and Google Chat’s broader availability to all users with a…
Security researchers are warning that cybercriminals are leveraging an older SQL injection security flaw, known as CVE-2019-7481. The vulnerability is located in SonicWall Secure Remote Access (SRA) 4600 devices that run firmware versions 8.x and 9.x. CVE-2019-7481 Currently Used in…
Hackers recently breached Electronic Arts (EA), a company which is a leading publisher of games. As a result of the hack, FIFA’s source code and other related software and developer kits were stolen. The company is currently investigating the attack.…
Have you patched your Chrome browser? Google just fixed a serious vulnerability in its browser, stemming from a type confusion issue in its V8 open-source engine. Tracked as CVE-2021-30551, the vulnerability was discovered by Sergei Glazunov from Google Project Zero.…
Intel just released 29 security advisories addressing 132 various issues in the BIOS firmware of Intel processors. Affected products include Bluetooth products, Active Management Technology tools, the NUC Mini PC machines, and Intel’s own security library. According to Jerry Bryant,…
In the past few years, we have reported several record-breaking password data collections, pointing at large-scale data breaches. It seems that one of the largest such collections, dubbed RockYou2021, has now been shared on a popular hacker forum. Allegedly, the…
Microsoft just fixed 50 vulnerabilities in June 2021 Patch Tuesday, five of which rated critical, and the rest important. Six of the vulnerabilities are currently deployed in malicious attacks, three of which are publicly known. The actively exploited flaws include…
