Apache Flink flaw is back, and being actively exploited
An improper access control flaw is being actively exploited, CISA is warning......»»
Apple fixes exploited iOS, iPadOS zero-day (CVE-2022-42827)
For the ninth time this year, Apple has released fixes for a zero-day vulnerability (CVE-2022-42827) exploited by attackers to compromise iPhones. About CVE-2022-42827 CVE-2022-42827 is an out-of-bounds write issue in the iOS and iPadOS kernel, which.....»»
Apple chipmaker TSMC at ever-growing risk from China, amid US tech war
A new piece today argues that Apple chipmaker TSMC is at ever-growing risk from China, and questions the wisdom of the Cupertino company allowing itself to become wholly dependent on a single company. With the US now actively seeking to hamper China.....»»
Dremio’s open lakehouse now supports SQL DML and DDL operations on Apache Iceberg
Dremio has unveiled its support for DML operations (insert, update & delete) on Apache Iceberg tables and for time travel for in-place querying of historical data. These features enable key data lakehouse use cases that were previously only available.....»»
Week in review: CISA releases RedEye, Apache Commons Text flaw, Medibank data breach
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Medibank hack turned into a data breach: The attackers are demanding money Medibank, Australia’s largest private health provider, has confirmed th.....»»
VMware bug with 9.8 severity rating exploited to install witch’s brew of malware
If you haven't patched CVE-2022-22954 yet, now would be an excellent time to do so. (credit: Pixabay) Hackers have been exploiting a now-patched vulnerability in VMware Workspace ONE Access in campaigns to install various rans.....»»
Vulnerabilities in Cisco Identity Services Engine require your attention (CVE-2022-20822, CVE-2022-20959)
Cisco has published a heads-up for admins of Cisco Identity Services Engine solutions, about two vulnerabilities (CVE-2022-20822, CVE-2022-20959) that could be exploited to read and delete files on an affected device, and to execute arbitrary script.....»»
Apache Commons Text flaw is not a repeat of Log4Shell (CVE-2022-42889)
A freshly fixed vulnerability (CVE-2022-42889) in the Apache Commons Text library has been getting attention from security researchers these last few days, worrying it could lead to a repeat of the Log4Shell dumpster fire. But the final verdict shows.....»»
Microsoft moves to patch this potentially serious security flaw
A fix was released for a flaw plaguing numerous versions of Windows and Windows Server......»»
"Near-undetectable" hacking tool up for sale on malware forum
A fix was released for a flaw plaguing numerous versions of Windows and Windows Server......»»
Zoom for Mac users should update now to fix a massive security flaw
Users urged to update Zoom for Mac desktop client to combat potential flaws......»»
Bypass for Windows trusted file label gets unofficial patch
Mark of the Web flaw has been resolved, but not by Microsoft......»»
What is a potentially hazardous asteroid?
The night sky might look empty and black, but when you really look out into space, you’ll find that the universe is full of not just stars and planets, but also dust, comets, and asteroids. Many of these celestial objects are being actively studied.....»»
Chinese manufacturers actively investing in mini/microLED
China-based makers have been actively investing in the supply chain of miniLED backlighting used in LCD panels and microLED displays, with more than 30 companies investing or planning to invest CNY41.5 billion (US$5.77 billion) in total during Januar.....»»
Chinese manufacturers actively investing in mini/micro LED
China-based makers have been actively investing in the supply chain of mini LED backlighting used in LCD panels and micro LED displays, with more than 30 companies investing or planning to invest CNY41.5 billion (US$5.77 billion) in total during Janu.....»»
Coinbase users scammed out of $21M in crypto sue company for negligence
Nearly 100 users sue Coinbase for allegedly overlooking security flaw. Enlarge (credit: Bloomberg / Contributor | Bloomberg) Last fall, scammers infiltrated social platforms like dating apps, WhatsApp, Facebook, and Twitter, a.....»»
Researchers release PoC for Fortinet firewall flaw, exploitation attempts mount
Horizon3.ai researchers have released a PoC exploit for CVE-2022-40684, the authentication bypass vulnerability affecting Fortinet‘s firewalls and secure web gateways, and soon after exploitation attempts started rising. “[On Thursday], t.....»»
Weakness in Microsoft Office 365 Message Encryption could expose email contents
WithSecure researchers are warning organizations of a security weakness in Microsoft Office 365 Message Encryption (OME) that could be exploited by attackers to obtain sensitive information. OME, which is used by organizations to send encrypted email.....»»
iOS VPN apps have another flaw, shows new research: excluding many Apple apps
A security researcher back in August found a significant flaw in iOS VPN apps, and a second researcher has now demonstrated another major issue. The first problem was that opening a VPN app should close all existing connections, but didn’t. The se.....»»
Global server shipment forecast, 2023 and beyond
Digitimes Research forecasts a 5.2% increase in 2023 global server shipments, mainly driven by large US-based cloud service providers actively expanding their datacenter infrastructure. On top of that, the IC and component supply will gradually retur.....»»
Microsoft patches Windows flaw exploited in the wild (CVE-2022-41033)
October 2022 Patch Tuesday is here, with fixes for 85 CVE-numbered vulnerabilities, including CVE-2022-41033, a vulnerability in Windows COM+ Event System Service that has been found being exploited in the wild. But, first and foremost, it should be.....»»