Small to mid-sized businesses (SMBs) are more targeted by cybercriminals than ever, according to a new AlertLogic report. Men, there is a way for SMBs to be protected and it involves cushioning the ports that cyber attackers target the most.…
Simjacker er et nyt sæt af sårbarheder,, siger forskerne, er blevet udnyttet med henblik på overvågning i mindst 2 år. De Simjacker sårbarheder synes at være temmelig avancerede og komplekse, i sammenligning med tidligere beskrevne angreb over…
Two zero-day vulnerabilities were fixed in Microsoft’s September 2019 Patch tirsdag – CVE-2019-1214 and CVE-2019-1215. I alt, 80 vulnerabilities were fixes of which 17 were listed as critical, and the rest – vigtig. More about CVE-2019-1214 and CVE-2019-1215 Apparently, begge…
Cybersecurity researchers have outlined a new type of attack involving Intel server-grade processors since 2012. The attack is based on a vulnerability named NetCAT (Network Cache Attack). The vulnerability could allow sniffing data by mounting a side-channel attack over the…
Patch gapping is a serious issue that puts a system at risk of exploits. The problem stems from a gap in time before a patch of a security vulnerability in an open-source software is shipped to users. The vulnerability may…
Dangerous vulnerabilities were recently discovered in Telestar Digital GmbH IoT radio devices. The flaws could allow remote attackers to hijack vulnerable systems. The vulnerabilities were discovered by Vulnerability Laboratory. Some of them are already assigned CVE numbers – CVE-2019-13473 and…
The latest versions of PHP were recently released (PHP version 7.3.9, 7.2.22 og 7.1.32 across several branches) to address several highly critical vulnerabilities in its core and bundled libraries. The most dangerous of these vulnerabilities are the ones that could…
Facebook has announced that they have updated their HHVM server software which removes the possibility of it to be exploited. The company announced that two critical bugs were fund in it. The vulnerabilities allow the hackers to obtain sensitive data…
A new zero-day vulnerability has been discovered in Android. Hvis udnyttet, the flaw could give a local attacker escalated privileges on the compromised device. According to TrendMicro’s Zero Day Initiative researchers Lance Jiang and Moony Li, the flaw is located…
Zerodium, a “leading exploit acquisition platform for premium zero-days and advanced cybersecurity research”, has updated its price list. Tilsyneladende, Android exploits are now more expensive than iOS exploits, for the first time in history. Zerodium is now paying much more…
Myriad vulnerabilities were discovered in the so-called baseboard management controllers (BMCs) of Supermicro servers. The flaws could be exploited in remote attacks and could grant access to corporate networks. Eclypsium researchers dubbed the vulnerabilities USBAnywhere. Billede: Eclypsium USBAnywhere Vulnerabilities Explained…
Several privilege escalation exploit chains were discovered in iOS devices by Google’s Threat Analysis Group (TAG) and Project Zero teams. The vulnerabilities were actively used by threat actors who also used compromised websites to carry out watering hole attacks against…
A team of security experts discovered a ‘Complete Control’ weakness in the Windows operating system which can cause a wide variety of dangerous actions. The problem lies within vulnerable that is exploited by the device drivers and operating system allowing…
CVE-2019-14378 is a new vulnerability in QEMU, an open-source hardware virtualization package. QEMU emulates a machine’s processor through dynamic binary translation and provides a set of different hardware and device models for the machine, enabling it to run a variety…
The CVE-2019-11510 vulnerability is being used against VPN providers worldwide. The available security reports indicate that a criminal collective is actively seeking to break the security barriers of several providers of VPN services. This is done by exploiting a recent…
