Apache Flink flaw is back, and being actively exploited
An improper access control flaw is being actively exploited, CISA is warning.
Federal agency hacked by 2 groups thanks to flaw that went unpatched for 4 years
A code-execution bug with a 9.8 severity rating gave control over agency's network. Multiple threat actors—one working on behalf of a nation-state—gained access to the network of a US f...
Network device maker Unizyx sees clients engaged in inventory digestion
Network device maker Unizyx Holding has said that clients who had actively stockpiled inventory in the previous two years due to supply constraints are still engaged in inventory digestion, which could take one to two quarters to complete.
Fortinet flaws are being exploited in attacks on government
Attackers with "advanced capabilities" are exploiting FortiOS flaws in "highly targeted" events.
CISA warns CI operators about vulnerabilities on their networks exploited by ransomware gangs
Organizations in critical infrastructure sectors whose information systems contain security vulnerabilities associated with ransomware attacks are being notified by the US Cybersecurity and Infrastructure Security Agency (CISA) and urged to implement...
Microsoft patches zero-days used by state-sponsored and ransomware threat actors (CVE-2023-23397, CVE-2023-24880)
It’s March 2023 Patch Tuesday, and Microsoft has delivered fixes for 74 CVE-numbered vulnerabilities, including two actively exploited in the wild (CVE-2023-23397, CVE-2023-24880) by different threat actors. About CVE-2023-23397 “CVE-2023...
If you use this free password manager, your passwords might be at risk
Researchers just found a new, potentially dangerous flaw within Bitwarden, an open-source password manager.
Fortinet plugs critical RCE hole in FortiOS, FortiProxy (CVE-2023-25610)
Fortinet has patched 15 vulnerabilities in a variety of its products, including CVE-2023-25610, a critical flaw affecting devices running FortiOS and FortiProxy. None of the patched vulnerabilities is actively exploited, but Fortinet’s devices...
Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw
BlackLotus represents a major milestone in the continuing evolution of UEFI bootkits. Researchers on Wednesday announced a major cybersecurity find—the world’s first-kno...
Bending 2D nanomaterial could "switch on" future technologies
Rice University materials scientist Boris Yakobson and collaborators uncovered a property of ferroelectric 2D materials that could be exploited as a feature in future devices.
Unkillable UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw
BlackLotus represents a major milestone in the continuing evolution of UEFI bootkits. Researchers on Wednesday announced a major cybersecurity find—the world’s first-kno...
PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716)
A PoC exploit for CVE-2023-21716, a critical RCE vulnerability in Microsoft Word that can be exploited when the user previews a specially crafted RTF document, is now publicly available. Patches for the flaw – which affects a wide variety of MS...
Teens can proactively block their nude images from Instagram, OnlyFans
Hundreds already using tool, as teen financial sextortion cases are increasing. Over the past few years, the National Center for Missing and Exploited Children (NCMEC) saw...
VMware patches critical injection flaw in Carbon Black App Control (CVE-2023-20858)
VMware has fixed a critical vulnerability (CVE-2023-20858) in Carbon Black App Control, its enterprise solution for preventing untrusted software from executing on critical systems and endpoints. Even though the flaw has been privately reported to VM...
Samsung keen to strengthen own IC design ecosystem
Main IC design houses under the ecosystem of Samsung Electronics are actively recruiting new talent despite the recent layoff wave at the tech sector, riding on the rise of ChatGPT. Samsung is apparently seeking to strengthen its IC design fleet to b...
Most vulnerabilities associated with ransomware are old
Researchers identified 56 new vulnerabilities associated with ransomware threats among a total of 344 threats identified in 2022 – marking a 19% increase year-over-year. Threat actors are actively searching the internet and deep and dark web fo...
Roscosmos: Russian spacecraft leak caused by external impact
A coolant leak from an uncrewed Russian supply ship docked at the International Space Station resulted from an external impact and not a manufacturing flaw, Russia's space corporation said Tuesday.
Studying epigenetic regulation at the single-molecule level
If one imagines the genome as an instruction manual for the functioning of a cell, every page of this manual is covered with annotations, highlights, and bookmarks. The role of some of these marks remains mysterious—do they actively direct the read...
Man beats machine at Go in human victory over AI
Amateur exploited weakness in systems that have otherwise dominated grandmasters. A human player has comprehensively defeated a top-ranked AI system at the board game Go, in a surprise rever...
Week in review: Microsoft, Apple patch exploited zero-days, tips for getting hired in cybersecurity
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Combining identity and security strategies to mitigate risks The Identity Defined Security Alliance (IDSA), a nonprofit that provides vendor-neutral...
Microsoft Exchange ProxyShell is being exploited to mine crypto once again
Cryptominers are being deployed on vulnerable Microsoft Exchange servers again.