Messenger billed as better than Signal is riddled with vulnerabilities
Threema comes with unusually strong claims. They crumble under new research findings. Enlarge (credit: Getty Images) Academic researchers have discovered serious vulnerabilities in the core of Threema, an instant messeng.....»»
LG smart TVs may be taken over by remote attackers
Bitdefender researchers have uncovered four vulnerabilities in webOS, the operating system running on LG smart TVs, which may offer attackers unrestricted (root) access to the devices. “Although the vulnerable service is intended for LAN access.....»»
Thousands of LG TVs are vulnerable to takeover—here’s how to ensure yours isn’t one
LG patches four vulnerabilities that allow malicious hackers to commandeer TVs. Enlarge (credit: Getty Images) As many as 91,000 LG TVs face the risk of being commandeered unless they receive a just-released security upd.....»»
SINEC Security Guard identifies vulnerable production assets
Production facilities are increasingly the target of cyberattacks. Industrial companies are therefore required to identify and close potential vulnerabilities in their systems. To address the need to identify cybersecurity vulnerabilities on the shop.....»»
Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation
D-Link won't be patching vulnerable NAS devices because they're no longer supported. Enlarge (credit: Getty Images) Hackers are actively exploiting a pair of recently discovered vulnerabilities to remotely commandeer net.....»»
April 2024 Patch Tuesday forecast: New and old from Microsoft
This month, we have a new product preview from Microsoft, and some older products are being prepared for end-of-support. But before we go there, March 2024 Patch Tuesday was pretty mild, with 60 unique vulnerabilities addressed. We saw updates to Mic.....»»
Threat actors are raising the bar for cyber attacks
From sophisticated nation-state-sponsored intrusions to opportunistic malware campaigns, cyber attacks manifest in various forms, targeting vulnerabilities in networks, applications, and user behavior. The consequences of successful cyber attacks can.....»»
Ivanti vows to transform its security operating model, reveals new vulnerabilities
Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure (SSL VPN solution) and Ivanti Policy Secure (NAC solution), some of which could also lead to execution of arbitrary code or information disclosure. Also, three mo.....»»
NVD: NIST is working on longer-term solutions
The recent conspicuous faltering of the National Vulnerability Database (NVD) is “based on a variety of factors, including an increase in software and, therefore, vulnerabilities, as well as a change in interagency support,” says the U.S......»»
Romania center explores world"s most powerful laser
"Ready? Signal sent!" In the control room of a research center in Romania, engineer Antonia Toma activates the world's most powerful laser, which promises revolutionary advances in everything from the health sector to space......»»
Researchers reveal impact of brassinosteroid and sugar signal on wheat grain size regulation
Grain size plays a central role in determining wheat yield, and precise regulation of grain development has emerged as a key strategy for increasing yields in several staple crops such as rice and maize. However, the genetic basis and potential molec.....»»
Finding software flaws early in the development process provides ROI
Enterprises spend enormous effort fixing software vulnerabilities that make their way into their publicly-facing applications. The Consortium for Information and Software Quality estimates that the cost of poor software quality in the United States r.....»»
Zero-day exploitation surged in 2023, Google finds
2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImagelO) and drivers (Mali GPU, Qualcomm Adreno GPU), as they can affect multiple products and effectively offer.....»»
Drozer: Open-source Android security assessment framework
Drozer is an open-source security testing framework for Android, whose primary purpose is to make the life of mobile application security testers easier. Drozer features The solution enables the identification of security vulnerabilities in applicati.....»»
BackBox platform update enhances CVE mitigation and risk scoring
After releasing Network Vulnerability Manager (NVM) in Q4 2023, BackBox has announced a major platform feature update that gives customers the ability to mark irrelevant or already-mitigated Common Vulnerabilities and Exposures (CVEs) as “mitig.....»»
Interos Resilience Watchtower enables companies to monitor vulnerabilities
Interos announced Interos Resilience Watchtower, a personalized risk technology that evolves organizations from monitoring to action. The module allows leaders to build tailored risk models that prioritize at-risk suppliers based on their materiality.....»»
Messenger RNAs with multiple "tails" could lead to more effective therapeutics, say researchers
Messenger RNA (mRNA) made its big leap into the public limelight during the pandemic, thanks to its cornerstone role in several COVID-19 vaccines. But mRNAs, which are genetic sequences that instruct the body to produce proteins, are also being devel.....»»
Security best practices for GRC teams
Even with the best-of-the-best tools and tech stack monitoring vulnerabilities, every security executive and GRC leader should still have some layer of paranoia. If they don’t, that’s a huge issue. In this Help Net Security video, Shrav Mehta, CE.....»»
Synopsys fAST Dynamic enables DevOps teams to fix security vulnerabilities in modern web apps
Synopsys released Synopsys fAST Dynamic, a new dynamic application security testing (DAST) offering on the Synopsys Polaris Software Integrity Platform. fAST Dynamic enables development, security, and DevOps teams to find and fix security vulnerabili.....»»
Finally, engineers have a clue that could help them save Voyager 1
A new signal from humanity's most distant spacecraft could be the key to restoring it. Enlarge / Artist's illustration of the Voyager 1 spacecraft. (credit: Caltech/NASA-JPL) It's been four months since NASA's Voyager 1.....»»
PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800)
Arcserve has fixed critical security vulnerabilities (CVE-2024-0799, CVE-2024-0800) in its Unified Data Protection (UDP) solution that can be chained to upload malicious files to the underlying Windows system. Tenable researchers have published a PoC.....»»