Apache Flink flaw is back, and being actively exploited
An improper access control flaw is being actively exploited, CISA is warning......»»
Windows 0-day was exploited by North Korea to install advanced rootkit
FudModule rootkit burrows deep into Windows, where it can bypass key security defenses. Enlarge (credit: Getty Images) A Windows zero-day vulnerability recently patched by Microsoft was exploited by hackers working on be.....»»
Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200) A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited.....»»
Business and tech consolidation opens doors for cybercriminals
Cyber threats continued to intensify in the first half of 2024 as cybercriminals exploited security gaps from growing business and technological consolidation, according to Resilience. Consolidation in business and tech fuels new third-party risks Re.....»»
Security experts just found a massive flaw with Google Pixel phones
Since 2017, millions of Pixels have shipped with a flawed app package. Now, a defense contractor has exposed the oversight......»»
Microsoft fixes 6 zero-days under active attack
August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under attack CVE-2024-38178 is a Scripting Engine Memor.....»»
Millions of AMD chips are being ignored in major security flaw fix
A major security flaw impacting hundreds of millions of AMD CPUs is making the rounds, but AMD won't be patching all of the affected processors......»»
Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)
A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited by attackers to grab users’ NTLM hashes, Microsoft has shared late last week. The vulnerability is exploitable remotely and requires no special privileges or user interact.....»»
“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox
A “0.0.0.0-Day” vulnerability affecting Chrome, Safari and Firefox can be – and has been – exploited by attackers to gain access to services on internal networks, Oligo Security researchers have revealed. The vulnerability ste.....»»
A critical security issue in 1Password for Mac left credentials vulnerable to attack
1Password has disclosed a now patched critical security flaw in its software that could give attackers access to users' unlock keys and credentials. Here's what to do to keep your data safe.1Password has disclosed a critical security flaw present in.....»»
1Password 8 for Mac flaw allows attackers to steal credentials, here’s how to patch it
1Password has shared that its software for Mac has a vulnerability that exposes users to a potentially serious threat. Along with attackers being able to compromise credentials, the flaw can give bad actors access to your account unlock key. more.....»»
Prompt injection attack on Apple Intelligence reveals a flaw, but is easy to fix
A prompt injection attack on Apple Intelligence reveals that it is fairly well protected from misuse, but the current beta version does have one security flaw which can be exploited. However, the issue would be very easy for the company to fix, so.....»»
An 18-year-old Safari loophole exploited by hackers is finally being fixed by Apple
There’s a pesky loophole lurking in every major browser, including Apple’s Safari, Google Chrome, and Mozilla Firefox, that hackers have been exploiting for the past … The post An 18-year-old Safari loophole exploited by hackers is.....»»
macOS Sequoia to fix exploit that lets hackers access internal networks
Apple and other tech companies are constantly looking for ways to improve the security of their operating systems. Even so, some things go unnoticed. An exploit from 18 years ago is still being actively used by hackers to access internal networks, bu.....»»
Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008)
Two cross-site scripting vulnerabilities (CVE-2024-42009, CVE-2024-42008) affecting Roundcube could be exploited by attackers to steal users’ emails and contacts, email password, and send emails from their account. About the vulnerabilities Rou.....»»
Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856)
CVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthenticated attackers to execute arbitrary code on vulnerable systems. About CVE-2024-38856 Apache OFBiz is.....»»
Week in review: VMware ESXi zero-day exploited, SMS Stealer malware targeting Android users
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Why a strong patch management strategy is essential for reducing business risk In this Help Net Security interview, Eran Livne, Senior Director of P.....»»
NASA says it is “evaluating all options” for the safe return of Starliner crew
SpaceX is actively working on a plan to fly Starliner's crew home. Enlarge / Boeing's Starliner spacecraft is seen docked at the International Space Station on June 13. (credit: NASA) It has now been eight weeks since Bo.....»»
Astronomers use AI to find elusive stars "gobbling up" planets
Astronomers have recently found hundreds of "polluted" white dwarf stars in our home galaxy, the Milky Way. These are white dwarfs caught actively consuming planets in their orbit. They are a valuable resource for studying the interiors of these dist.....»»
Restoring logged forests doesn"t mean locking them up as "wilderness"—it means actively managing them
On January 1 this year, the commercial logging of native forests ended in Victoria and Western Australia. It was one of the most significant changes in the history of forest management in Australia......»»
Japan"s youth and climate change
Students in Japan are more likely to be apathetic towards or confused by climate change than concerned or actively involved in the issue, according to research at the University of Tokyo. The work is published in the journal International Research in.....»»