The UK is scanning all internet-exposed devices in the country
The goal is to harden national security against vulnerability exploitation and weaponized bugs.
The United Kingdom's National Cyber Security Centre (NCSC) is now scanning all internet-exposed devices hosted in the UK for vulnerabilities, the agency announced. The NCSC leads and oversees the coun... Read more
Microsoft says China is expanding its cyber warfare capabilities
The tech giant claims China is weaponizing vulnerabilities by hiding and stockpiling zero-day threats.
China's offensive cyber capabilities are expanding quickly, according to Microsoft. The tech giant says the expansion is due to a 2021 law that effectively allows Beijing to build up an arsenal... Read more
OpenSSL 3.0.7 patches two high-risk vulnerabilities
OpenSSL version 3.0.7 is now available and should be applied as soon as possible, the developers say.
OpenSSL version 3.0.7 was announced last week as an important security fix. The vulnerabilities patched with this release are CVE-2022-3786 (X.509 Email Address Variable Length Buffer Over... Read more
SandboxAQ acquires Cryptosense to enhance post-quantum cryptography
SanboxAQ is acquiring Cryptosense to enhance the cybersecurity and encryption capabilities of its post-quantum cryptography solution.
SandboxAQ is a quantum computing developer that was founded at Alphabet and became an independent company last March. Only six months into its operations, Sandbox... Read more
Lenovo BIOS updates patch security bugs in hundreds of models
Lenovo released a security alert warning of many high-severity BIOS vulnerabilities affecting hundreds of desktops, 2-in-1's and laptops.
When exploited, the issue may result in data breaches, privilege escalation, DDoS and arbitrary code execution. The following vulnerabilities were detailed i... Read more
Lorenz ransomware group breaches corporate network
The Lorenz ransomware group managed to breach into corporate networks using VoIP vulnerabilities.
Data breaches are at an all-time high, with several ransomware gangs exploiting vulnerabilities within systems to steal sensitive data. Lorenz is a ransomware group that uses VoIP vulnerabilities to... Read more
Programming language Go gets vulnerability scanner
Go, Google's open-source programming language, has a new tool for discovering vulnerabilities. The 'govulncheck' command allows developers to scan for vulnerabilities in code through an online database.
The Go development team says the command contacts the database at vuln.go.dev. The vulner... Read more
‘Thousands of VNC servers unsafely connected to the Internet’
Security company Cyble discovered that more than a thousand Virtual Network Computing (VNC) endpoints are unsafely connected to the Internet and open to unauthorized access.
VNC is a platform-independent system that allows users to remotely connect to systems to perform monitoring and adjustment... Read more
Google aims to make Linux kernel vulnerabilities tougher to exploit
Google plans to make the Kernel Flaws custom through 'Experimental Mitigations' that could make it difficult for hackers to breach.
Google says it uses Linux for pretty much everything, from the cloud system to Chromebooks. Now, the company focuses on putting together a team of security research... Read more
Cisco resolves vulnerabilities in Enterprise NFVIS
Cisco resolved several vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS). No exploits by cybercriminals were observed so far.
Cisco Enterprise NFVIS provides various virtual network services for the management of virtual network functions (VNFs). The newly addressed vulner... Read more