Tag: vulnerabilities

Here you will find all the articles with the tag: vulnerabilities.

New phishing threats exploit zero-day vulnerabilities in Windows

New phishing threats exploit zero-day vulnerabilities in Windows

Recent phishing attacks use a zero-day Windows vulnerability to drop the Qbot malware without displaying Windows' usual security warnings, BleepingComputer reports. When users download files from an 'untrusted' remote location, such as an Internet website or an email attachment, Windows adds a s... Read more

date17 days ago
Lenovo fixes vulnerabilities in secure boot firmware

Lenovo fixes vulnerabilities in secure boot firmware

The vulnerabilities could allow hackers to run malicious code before a device boots up. Lenovo has released fixes for several vulnerabilities in the UEFI firmware used in many of its laptops. The patches address 'high-severity' vulnerabilities that were found in several laptop models. The vulne... Read more

date28 days ago
The UK is scanning all internet-exposed devices in the country

The UK is scanning all internet-exposed devices in the country

The goal is to harden national security against vulnerability exploitation and weaponized bugs. The United Kingdom's National Cyber Security Centre (NCSC) is now scanning all internet-exposed devices hosted in the UK for vulnerabilities, the agency announced. The NCSC leads and oversees the coun... Read more

date1 month ago
Microsoft says China is expanding its cyber warfare capabilities

Microsoft says China is expanding its cyber warfare capabilities

The tech giant claims China is weaponizing vulnerabilities by hiding and stockpiling zero-day threats. China's offensive cyber capabilities are expanding quickly, according to Microsoft. The tech giant says the expansion is due to a 2021 law that effectively allows Beijing to build up an arsenal... Read more

date1 month ago
OpenSSL 3.0.7 patches two high-risk vulnerabilities

OpenSSL 3.0.7 patches two high-risk vulnerabilities

OpenSSL version 3.0.7 is now available and should be applied as soon as possible, the developers say. OpenSSL version 3.0.7 was announced last week as an important security fix. The vulnerabilities patched with this release are CVE-2022-3786 (X.509 Email Address Variable Length Buffer Over... Read more

date1 month ago
SandboxAQ acquires Cryptosense to enhance post-quantum cryptography

SandboxAQ acquires Cryptosense to enhance post-quantum cryptography

SanboxAQ is acquiring Cryptosense to enhance the cybersecurity and encryption capabilities of its post-quantum cryptography solution. SandboxAQ is a quantum computing developer that was founded at Alphabet and became an independent company last March. Only six months into its operations, Sandbox... Read more

date3 months ago
Lenovo BIOS updates patch security bugs in hundreds of models

Lenovo BIOS updates patch security bugs in hundreds of models

Lenovo released a security alert warning of many high-severity BIOS vulnerabilities affecting hundreds of desktops, 2-in-1's and laptops. When exploited, the issue may result in data breaches, privilege escalation, DDoS and arbitrary code execution. The following vulnerabilities were detailed i... Read more

date3 months ago
Lorenz ransomware group breaches corporate network

Lorenz ransomware group breaches corporate network

The Lorenz ransomware group managed to breach into corporate networks using VoIP vulnerabilities. Data breaches are at an all-time high, with several ransomware gangs exploiting vulnerabilities within systems to steal sensitive data. Lorenz is a ransomware group that uses VoIP vulnerabilities to... Read more

date3 months ago
Programming language Go gets vulnerability scanner

Programming language Go gets vulnerability scanner

Go, Google's open-source programming language, has a new tool for discovering vulnerabilities. The 'govulncheck' command allows developers to scan for vulnerabilities in code through an online database. The Go development team says the command contacts the database at vuln.go.dev. The vulner... Read more

date3 months ago
‘Thousands of VNC servers unsafely connected to the Internet’

‘Thousands of VNC servers unsafely connected to the Internet’

Security company Cyble discovered that more than a thousand Virtual Network Computing (VNC) endpoints are unsafely connected to the Internet and open to unauthorized access. VNC is a platform-independent system that allows users to remotely connect to systems to perform monitoring and adjustment... Read more

date4 months ago
1 2 3 6