Tag: vulnerability

Here you will find all the articles with the tag: vulnerability.

Flaw in R programming language poses major security threat

Flaw in R programming language poses major security threat

Without a patch, the R programming language contains a serious vulnerability. An error in data deserialization allows malicious actors to execute their own programming code in IT environments. CVE-2024-27322 involves a flaw in the deserialization process. This is required to decode objects and c... Read more

date29 days ago
Hackers spread malware via URLs in GitHub comments

Hackers spread malware via URLs in GitHub comments

Cybercriminals are spreading malware-linked URLs of ostensibly Microsoft repositories through the comments of GitHub projects. The method of malware distribution is very dangerous and persistent. According to research, cybercriminals are actively trying to spread malware through URLs posted in t... Read more

date1 month ago
Bug bounty in practice: the final layer of security

Bug bounty in practice: the final layer of security

What does a bug bounty program look like, and what does it deliver? We talk to Visma about its usefulness for security professionals and the ultimate benefit for the user of the software. "With the bug bounty program, we have extra eyes looking at our products," explains Chief Information Securi... Read more

date1 month ago
Vulnerability in Windows Defender leads to data loss

Vulnerability in Windows Defender leads to data loss

Attacks on Windows Defender and Kaspersky EDR allow remote file deletion. Even after patches, hackers can still exploit these tools' vulnerabilities. In a presentation at Black Hat Asia, security firm SafeBreach revealed that Windows Defender and Kaspersky EDR are vulnerable to remote-access att... Read more

date1 month ago
Large-scale attack on Ray framework exposes AI security risks

Large-scale attack on Ray framework exposes AI security risks

For seven months, attackers had free reign to wreak havoc inside the AI infrastructure of major tech companies. An exploitation of vulnerability CVE-2023-48022 in the widely used open-source Ray framework has led to manipulated models, stolen hardware cycles and compromised data. Its developer Anys... Read more

date2 months ago
Number of exploited zero-days up more than 50%

Number of exploited zero-days up more than 50%

Figures from Google show that last year there were 97 actively exploited zero-day vulnerabilities. In 2022, the number was still 62 vulnerabilities. With this, the upward trend has returned. A year ago, the figures still showed a positive trend downward. According to Google data, the year 2021 m... Read more

date2 months ago
FBI implores developers to finally eradicate SQL injections

FBI implores developers to finally eradicate SQL injections

The FBI and the U.S. Cybersecurity and Infrastructure Agency (CISA) argue that SQL injections should be a thing of the past. Despite developers' knowledge for two decades of how to prevent this type of attack, it continues to cause widespread exploits. SQL injections insert malicious code into S... Read more

date2 months ago
Researchers IBM and VU Amsterdam discover major CPU vulnerability

Researchers IBM and VU Amsterdam discover major CPU vulnerability

A new CPU vulnerability affects all known computer architectures. The so-called GhostRace exploit makes it possible to steal data from the system memory of PCs with chips from Intel, AMD, Arm and IBM. VUSec, the Systems & Network Security Group at the Dutch university VU Amsterdam, shares a ... Read more

date2 months ago
Malware scanner jeopardizes more than 10,000 WordPress sites

Malware scanner jeopardizes more than 10,000 WordPress sites

Two critical vulnerabilities in WordPress plugins from miniOrange will never receive a patch. More than 10,000 websites use the Malware Scanner plugin to detect attackers. However, the tool itself is exploitable by malicious actors. The vulnerability in Malware Scanner was found by WordPress res... Read more

date3 months ago
1 2 3 18