Serious vulnerabilities in Matrix’s end-to-end encryption are being patched
Previously overlooked flaws allow malicious homeservers to decrypt and spoof messages. Developers of the open source Matrix messenger protocol are releasing an update on Thursday to fix critical en.....»»
CVEMap: Open-source tool to query, browse and search CVEs
CVEMap is an open-source command-line interface (CLI) tool that allows you to explore Common Vulnerabilities and Exposures (CVEs). It’s designed to offer a streamlined and user-friendly interface for navigating vulnerability databases. Although.....»»
Study shows cells respond quickly to small light-induced micro-environment movements
Life sciences and photonics researchers at Tampere University have made a remarkable discovery in studying superficial cells' response to mechanical stimuli. By simulating the deformation of the extracellular matrix below the cells, researchers have.....»»
45% of critical CVEs left unpatched in 2023
Global attack attempts more than doubled in 2023, increasing 104%, according to Armis. Blind spots and critical vulnerabilities are worsening, with 45% of critical CVEs remaining unpatched. Utilities (over 200% increase) and manufacturing (165% incre.....»»
Update your Apple devices, because the latest releases patched a major security flaw
Apple's latest updates to all its operating systems, from macOS Sonoma to tvOS 17.3, included a fix to prevent a WebKit security vulnerability that the company says has been exploited. Alongsid.....»»
Attackers can steal NTLM password hashes via calendar invites
A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two headers to an email carrying a specially crafted file, security researcher Dolev.....»»
Performing complex-valued linear transformations using spatially incoherent diffractive optical networks
The bulk of the computing in state-of-the-art neural networks comprises linear operations, e.g., matrix-vector multiplications and convolutions. Linear operations can also play an important role in cryptography. While dedicated processors such as GPU.....»»
Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082)
A previously patched critical vulnerability (CVE-2023-35082) affecting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core is being actively exploited, the Cybersecurity and Infrastructure Security Agency (CISA) has confirmed by adding the vuln.....»»
Attribute-based encryption could spell the end of data compromise
The future of data privacy is the end of compromise. With the world producing data at astounding rates, we need ways to put data to the best use while protecting against breaches and ensuring privacy, data protection and access control. These princip.....»»
New UEFI vulnerabilities send firmware devs industry wide scrambling
PixieFail is a huge deal for cloud and data centers. For the rest, less so. UEFI firmware from five of the leading suppliers contains vulnerabilities that allow attackers with a toehol.....»»
New UEFI vulnerabilities send firmware devs across an entire ecosystem scrambling
PixieFail is a huge deal for cloud and data centers. For the rest, less so. UEFI firmware from five of the leading suppliers contains vulnerabilities that allow attackers with a toehol.....»»
Google fixes actively exploited Chrome zero-day (CVE-2024-0519)
In the new stable release of the Chrome browser, Google has fixed three security vulnerabilities affecting the V8 engine, including one zero-day (CVE-2024-0519) with an existing exploit. About CVE-2024-0519 V8 is an open-source JavaScript and WebAsse.....»»
Accenture and SandboxAQ offer protection against quantum-based decryption attacks
Accenture and SandboxAQ are partnering to deliver AI and quantum computing solutions to help organizations identify and remediate cybersecurity vulnerabilities. According to recent Accenture research, executives’ top concern for 2024 is the ability.....»»
Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527)
Atlassian has patched a critical vulnerability (CVE-2023-22527) in Confluence Data Center and Confluence Server that could lead to remote code execution. The good news is that the flaw was fixed in early December 2023 with the release of versions 8.5.....»»
Apple AirDrop leaks user data like a sieve. Chinese authorities say they’re scooping it up.
Chinese authorities are exploiting a weakness Apple has allowed to go unfixed for 5 years. Chinese authorities recently said they're using an advanced encryption attack to d.....»»
Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887)
Two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers have discovered. Patches for these flaws are currently unavailable, but the ri.....»»
Apple patches security flaw that allowed Magic Keyboard Bluetooth connections to be faked
After a public disclosure in December, Apple has issued a firmware update for the Magic Keyboard to block a security flaw that allowed an attacker to enter keystrokes through a cloned keyboard connection. The now-patched vulnera.....»»
Actively exploited 0-days in Ivanti VPN are letting hackers backdoor networks
Organizations using Ivanti Connect Secure should take action at once. Unknown threat actors are actively targeting two critical zero-day vulnerabilities that allow them to bypass two-factor.....»»
The Twinkly Matrix is a smart LED curtain with 500 mappable lights
It's a bit pricey at $200, but the Twinkly Matrix Smart LED Curtain features up to 500 mappable lights and can easily sync with your music......»»
Even wireless tools aren't safe from ransomware attacks
Researchers found multiple vulnerabilities on intranet-connected wrenches......»»
Top LLM vulnerabilities and how to mitigate the associated risk
As large language models (LLMs) become more prevalent, a comprehensive understanding of the LLM threat landscape remains elusive. But this uncertainty doesn’t mean progress should grind to a halt: Exploring AI is essential to staying competitive, m.....»»