Bug affects Linux systems: major risk to firmware
The vulnerability allows hackers to execute code early in a device's boot. Virtually all Linux distributions are affected by this bug.
Security developer Matthew Garrett warns of this. The vulnerability is in shim, a component that runs during the boot process. Shim performs tasks even before th...
Canon finally patches old vulnerabilities in printers
Canon has recently fixed some long-known vulnerabilities in its own printers via a patch. Printers still appear to be an attack surface that is too easily overlooked.
Canon has recently patched seven critical vulnerabilities in its multifunction and laser printers. The vulnerabilities came to li...
Number of vulnerabilities in WordPress plugins doubled
The number of vulnerabilities in plugins and themes for WordPress has increased significantly over the past year. There is almost a doubling compared to 2022.
That's according to research by WordFence. 4,833 vulnerabilities were identified for the entire WordPress ecosystem in the past year. The...
Attackers in the cloud get too many opportunities to strike
Runtime scans detect policy failures in 91 percent of all cases. As a result, organizations are picking up potential vulnerabilities later than expected, according to a new Sysdig report.
The Sysdig report examines the state of cloud-native security. It shows that cloud environments are more sus...
More than 178,000 SonicWall firewalls vulnerable to simple DoS attack
More than 178,000 SonicWall firewalls are vulnerable to Denial of Service (DoS) and Remote Code Execution (RCE) attacks due to two vulnerabilities. The discovery was made by Bishop Fox security experts.
According to Bishop Fox, SonicWall's more than 178,000 next-generation Series 6 and 7 firewal...
Microsoft patches BitLocker workaround for Windows 10 systems
Microsoft has patched a BitLocker workaround using a PowerShell script. This vulnerability allowed hackers to gain access to encrypted data in Windows 10 systems via a bypass of the BitLocker encryption functionality.
In the recent Patch Tuesday update for Windows 10 systems, Microsoft included ...
Ivanti fixes 14 critical vulnerabilities in Avalanche MDM solution
Ivanti recently patched as many as fourteen critical security vulnerabilities in its enterprise MDM solution Avalanche. These vulnerabilities allowed hackers to easily execute code remotely without the need for end-user interaction.
Ivanti discovered as many as 20 security vulnerabilities in its...
Microsoft urges upgrade to 2023 version Perforce Helix Core Server
Security specialists at Microsoft have discovered four critical vulnerabilities in the Perforce Helix Core Server source code management platform during a routine audit. The vulnerabilities let hackers run code remotely or cause Denial of Service (DoS) problems.
Microsoft security researchers di...
Bluetooth vulnerability affects Android, Apple and Linux devices
A recently discovered vulnerability in Bluetooth, CVE-2023-45866, opens the door to a hostile takeover of Android, Apple and Linux devices. Security researcher Marc Newlin made the discovery.
In a posting on GitHub, Newlin recently disclosed the Bluetooth vulnerability CVE-2023-45866. By exploit...
Google fixes Android bug that hackers can abuse without privileges
In its recent security update for Android, Google patched a critical vulnerability that enables so-called zero-click remote code execution (RCE). In addition, 84 other vulnerabilities were addressed.
According to the tech giant, critical vulnerability CVE-2023-40088 was the most important vulner...