As if two Ivanti vulnerabilities under exploit weren’t bad enough, now there are 3
Hackers looking to diversify, began mass exploiting a new vulnerability over the weekend. Enlarge (credit: Getty Images) Mass exploitation began over the weekend for yet another critical vulnerability in widely used VPN.....»»
Driver assists become de facto autopilots as drivers multitask, study finds
As drivers become familiar with the systems, they exploit them. Enlarge / Lane keeping systems let you take your hands off the wheel while you drive. (credit: Getty Images) The seductive lure of cars that drive themselv.....»»
Today’s release of macOS Sequoia brings 70+ new security fixes
macOS Sequoia has officially launched with new features and improvements such as window tiling, iPhone Mirroring, the new Password app, and more. But under the hood, Apple delivered a staggering amount of patched bugs/vulnerabilities to Mac users. Th.....»»
Sourcepoint helps companies mitigate vulnerabilities across various privacy regulations
Sourcepoint announced significant enhancements to its compliance monitoring suite. These solutions are designed to help companies navigate the increasingly complex landscape of digital privacy laws and mitigate risks associated with the growing trend.....»»
Trends and dangers in open-source software dependencies
A C-suite perspective on potential vulnerabilities within open-source dependencies or software packages reveals that, while remediation costs for dependency risks are perilously high, function-level reachability analysis still offers the best value i.....»»
iPhone 16 Pro pre-orders begin slipping to October, here are the models most affected
Apple opened pre-orders for the iPhone 16 and 16 Pro this morning. As usual, if you weren’t among the first batch of buyers, you may want to make that purchase decision soon. September 20 is the official release day, but the most popular models hav.....»»
GAZEploit could work out Vision Pro user passwords from watching their avatars [Fixed]
Security researchers came up with a pretty wild Vision Pro exploit. Dubbed GAZEploit, it’s a method of working out the passwords of Vision Pro users by watching the eye movements of their avatars during video calls. They’ve put together a YouT.....»»
GAZEploit can work out Vision Pro user passwords from watching their avatars
Security researchers have come up with a pretty wild Vision Pro exploit. Dubbed GAZEploit, it’s a method of working out the passwords of Vision Pro users by watching the eye movements of their avatars during video calls. They’ve put together a.....»»
Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869)
Among the security updates released by Adobe on Tuesday are those for various versions of Adobe Acrobat and Reader, which fix two critical flaws that could lead to arbitrary code execution: CVE-2024-45112 and CVE-2024-41869. Nothing in the advisory p.....»»
Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847)
Ivanti has fixed a slew of vulnerabilities affecting its Endpoint Manager solution, including a maximum severity one (CVE-2024-29847) that may allow unauthenticated attackers to remotely execute code in the context of the vulnerable system, and use i.....»»
Tenable AI Aware provides exposure insight into AI applications, libraries and plugins
Tenable released AI Aware, advanced detection capabilities designed to surface artificial intelligence solutions, vulnerabilities and weaknesses available in Tenable Vulnerability Management. Tenable AI Aware provides exposure insight into AI applica.....»»
Opus Security empowers organizations to prioritize the most critical vulnerabilities
Opus Security launched its Advanced Multi-Layered Prioritization Engine, designed to revolutionize how organizations manage, prioritize and remediate security vulnerabilities. Leveraging AI-driven intelligence, deep contextual data and automated deci.....»»
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting SonicWall’s firewalls – to its Known Exploited Vulnerabilities catalog, thus.....»»
Neutral news sources could exploit today"s polarized mediascape to boost revenue—why they may choose not to
Even news outlets perceived as politically neutral can benefit from today's polarized media environment......»»
September 2024 Patch Tuesday forecast: Downgrade is the new exploit
I asked for a calm August 2024 Patch Tuesday in last month’s forecast article and that came to pass. The updates released were limited to the regular operating systems and all forms of Office applications. Six zero-day vulnerabilities were announce.....»»
Binarly Transparency Platform 2.5 identifies critical vulnerabilities before they can be exploited
Binarly announced Binarly Transparency Platform 2.5 with several features designed to enhance software vulnerability management and improve security posture across enterprise environments. The key highlight of this release is the innovative Reachabil.....»»
Zyxel warns of vulnerabilities in a wide range of its products
Most serious vulnerabilities carry severity ratings of 9.8 and 8.1 out of a possible 10. Enlarge (credit: Getty Images) Networking hardware-maker Zyxel is warning of nearly a dozen vulnerabilities in a wide array of its.....»»
Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261)
Zyxel has patched a myriad of vulnerabilities in its various networking devices, including a critical one (CVE-2024-7261) that may allow unauthenticated attackers to execute OS commands on many Zyxel access points (APs) and security routers by sendin.....»»
A macro look at the most pressing cybersecurity risks
Forescout’s 2024H1 Threat Review is a new report that reviews the current state of vulnerabilities, threat actors, and ransomware attacks in the first half of 2024 and compares them to H1 2023. “Attackers are looking for any weak point to bre.....»»
Commercial spyware vendor exploits used by Kremlin-backed hackers, Google says
Findings undercut pledges of NSO Group and Intgellexa their wares won't be abused. Enlarge (credit: Getty Images) Critics of spyware and exploit sellers have long warned that the advanced hacking sold by commercial surve.....»»
Romance fraud doesn"t only happen online—it can turn into real-world deception
We often think of fraudsters as people on the opposite side of the world. They will manipulate and exploit victims through words on a computer screen, or loving messages through the phone. But romance fraud can also happen in person, with the fraudst.....»»