Juniper Networks patches series of critical vulnerabilities
Juniper Networks patched a large number of critical vulnerabilities in various networking and controller solutions.
The most important patches apply to Junos Space, Contrail Networking and NorthStar Controller solutions. These have been labelled as critical by US security supervisor CISA. Some ... Read more
New Spectre variant hits Intel and AMD processors
Older Intel and AMD processors are vulnerable to Rettbleed, a new Spectre variant. The vulnerability was discovered by a research team from the Technical University of Zurich. Meanwhile, the first security patches for Linux have been announced.
The Spectre variant was discovered by Swiss researc... Read more
Google patches urgent zero day in Chrome
Google recently patched an urgent zero-day vulnerability in Chrome for Windows. The update will be deployed to all users in coming weeks.
According to the tech giant, the vulnerability (CVE-2022-2294) is fixed in Chrome version 103.0.5060.114 for Windows. Google said the Chrome update will be de... Read more
Microsoft patches vulnerability in Service Fabric
Microsoft patched a serious vulnerability in Service Fabric. The threat was discovered by security specialists from Unit42 of Palo Alto Networks.
The vulnerability ('FabricScape') allows attacks on all services and applications that Service Fabric supports. These include Azure Service Fabric, Az... Read more
Tesla’s updated Key Card access helps thieves steal your car
Using the NFC to unlock the car makes it easy for the driver, but gives thieves a chance to create their own key.
Last year, Tesla issued an update that made its vehicles easier to start after being unlocked with their NFC key cards. Now, Ars Technica reports that a researcher has shown how the ... Read more
Atlassian urges customers to disable Confluence due to vulnerability
Confluence is vulnerable to remote code execution. Atlassian urges users to disable the software until the patch is ready.
The vulnerability was discovered by security company Volexity. Atlassian confirmed the problem on 2 June. At the time of writing, the patch is yet to be released. The vulner... Read more
Meeting Owl videoconferencing device poses “unacceptable” risk
The device poses a threat to users as well as any network it connects to.
This week Ars Technica reported on a major security risk posed by a popular videoconferencing device used by governments and corporations.
The Meeting Owl Pro is a videoconference device with an array of cameras and mi... Read more
‘Millions of attacks on WordPress plugin Tatsu’
Researchers from security specialist Worldfence discovered millions of attacks on outdated versions of WordPress plugin Tatsu. Attackers are dropping malware with ease.
The newly found attacks target a remote code execution vulnerability in the WordPress plugin Tatsu. Tatsu is a no-code page bu... Read more
Cisco resolves vulnerabilities in Enterprise NFVIS
Cisco resolved several vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS). No exploits by cybercriminals were observed so far.
Cisco Enterprise NFVIS provides various virtual network services for the management of virtual network functions (VNFs). The newly addressed vulner... Read more
SentinelOne unveils severe zero-day vulnerabilities in Avast and AVG
SentinelOne discovered two serious zero-day vulnerabilities in Avast and AVG. The threats went unnoticed for ten years.
The vulnerabilities allow attackers to bump privileges. From there, a system's security tools can be disabled. In December 2021, SentinelOne's researchers disclosed the vulnera... Read more