VMware Aria hit by set of serious SSH vulnerabilities
VMware is warning of two SSH authentication vulnerabilities in Aria Operations for Networks. These can allow hackers to bypass SSH authentication and gain access to private endpoints.
Aria Operations for Networks (VMware Aria), formerly vRealize Network Insight, is a suite for managing and monit...
Smart lamp causes WiFi password theft
The TP-Link Tapo L530E smart lamp not only provides light, but also allows hackers to steal WiFi passwords via the accompanying Tapo mobile app. This was discovered by Italian and British researchers.
The researchers from the Universita di Catania and University of London discovered four key vul...
‘Hackers are 327x more likely to react quickly to bugs with a high CVE score’
Cybercriminals are more likely to attack vulnerabilities with a high CVE score within seven days. These are the top one percent of bugs in terms of severity.
Common vulnerabilities and exposures (CVEs) with a high vulnerability score are exploited with 327 times greater likelihood within seven ...
Citrix servers have backdoors everywhere, leading to a false sense of security
Fox-IT has detected a major exploitation campaign on Citrix NetScaler servers. In cooperation with the Dutch Institute of Vulnerability Disclosure (DIVD), the company is notifying victims. The attackers were able to compromise a huge number of servers in merely two days with the help of automation ...
Intel Downfall bug is in billions of chips, allows for data theft
Following in AMD's footsteps, Intel also finds itself with a sizeable vulnerability. A Google researcher discovered a way to exploit a flaw in an instruction, allowing encryption keys and more to be stolen.
CVE-2022-40982 has been reserved as a vulnerability code by Google researcher Daniel Mogh...
AI innovations still have far too many vulnerabilities
Generative AI is unprecedentedly popular, but its vulnerabilities are not yet adequately highlighted. Recent research by Rezilion indicates that there are still many vulnerabilities in most (public) generative AI initiatives.
Research by supply chain security specialist Rezilion among the 50 m...
Apple releases major security updates in iOS 16.5.1
To protect its users, Apple released a series of software updates on Wednesday for its suite of devices, including the iPhone, iPad, Mac, and Apple Watch. The updates, which include iOS 16.5.1, iPadOS 16.5.1, macOS 13.4.1, and watchOS 9.5.2, extend beyond the routine bug fixes and feature enhanceme...
‘ChatGPT creates mostly insecure code’
Moreover, the chatbot fails to alert users to its coding defects - even though it could do so.
This week The Register reported on research that shows ChatGPT not only produces mostly insecure code but also fails to alert users to its inadequacies. The striking thing is that it is perfectly capab...
Small number of security vulnerabilities pose biggest threat
Three-quarters of security vulnerabilities pose hardly any risk. The real danger comes from a very small number of vulnerabilities, especially those where attack paths converge at points leading to important business assets.
This is stated by security vendor XM Cyber in a recent survey. XM Cybe...
Apple releases latest security patches for older devices
Last week's security updates are now available for older iPhones, iPads, and Macs.
This week Apple released iOS and iPadOS 15.7.5, macOS Monterey 12.6.5, and macOS Big Sur 11.7.6 to patch two security vulnerabilities in older devices that are still receiving software updates but aren’t capable...