Serious vulnerabilities in Matrix’s end-to-end encryption have been patched
Previously overlooked flaws allow malicious homeservers to decrypt and spoof messages. Enlarge (credit: matrix.org) Developers of the open source Matrix messenger protocol released an update on Wednesday to fix critical end-to.....»»
Cohesity teams up with Intel to integrate confidential computing into Data Cloud Services
Cohesity has announced it is collaborating with Intel to bring Intel’s confidential computing capabilities to the Cohesity Data Cloud. Leveraged with Fort Knox, Cohesity’s cyber vault service, this data-in-use encryption innovation will be the fi.....»»
Eclypsium Automata discovers vulnerabilities in IT infrastructure
Eclypsium launches Automata, a new AI-assisted feature for its digital supply chain security platform. Available now, Automata is an automated binary analysis system that replicates the knowledge and tooling of expert security researchers to discover.....»»
Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234)
On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro.....»»
Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234)
On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro.....»»
Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234)
On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro.....»»
Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234)
On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro.....»»
LG smart TVs may be taken over by remote attackers
Bitdefender researchers have uncovered four vulnerabilities in webOS, the operating system running on LG smart TVs, which may offer attackers unrestricted (root) access to the devices. “Although the vulnerable service is intended for LAN access.....»»
Thousands of LG TVs are vulnerable to takeover—here’s how to ensure yours isn’t one
LG patches four vulnerabilities that allow malicious hackers to commandeer TVs. Enlarge (credit: Getty Images) As many as 91,000 LG TVs face the risk of being commandeered unless they receive a just-released security upd.....»»
SINEC Security Guard identifies vulnerable production assets
Production facilities are increasingly the target of cyberattacks. Industrial companies are therefore required to identify and close potential vulnerabilities in their systems. To address the need to identify cybersecurity vulnerabilities on the shop.....»»
Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation
D-Link won't be patching vulnerable NAS devices because they're no longer supported. Enlarge (credit: Getty Images) Hackers are actively exploiting a pair of recently discovered vulnerabilities to remotely commandeer net.....»»
April 2024 Patch Tuesday forecast: New and old from Microsoft
This month, we have a new product preview from Microsoft, and some older products are being prepared for end-of-support. But before we go there, March 2024 Patch Tuesday was pretty mild, with 60 unique vulnerabilities addressed. We saw updates to Mic.....»»
Threat actors are raising the bar for cyber attacks
From sophisticated nation-state-sponsored intrusions to opportunistic malware campaigns, cyber attacks manifest in various forms, targeting vulnerabilities in networks, applications, and user behavior. The consequences of successful cyber attacks can.....»»
Rusty-patched bumblebee"s struggle for survival found in its genes
A team of researchers has uncovered alarming trends in the first range-wide genetic study of an endangered bee species. The study, led by Colorado State University and published in the Journal of Insect Science, will inform conservation and recovery.....»»
Ivanti vows to transform its security operating model, reveals new vulnerabilities
Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure (SSL VPN solution) and Ivanti Policy Secure (NAC solution), some of which could also lead to execution of arbitrary code or information disclosure. Also, three mo.....»»
Everything you need to know about The Matrix 5
The next chapter in The Matrix franchise has been confirmed, and we're sharing everything you need to know about The Matrix 5......»»
NVD: NIST is working on longer-term solutions
The recent conspicuous faltering of the National Vulnerability Database (NVD) is “based on a variety of factors, including an increase in software and, therefore, vulnerabilities, as well as a change in interagency support,” says the U.S......»»
Finding software flaws early in the development process provides ROI
Enterprises spend enormous effort fixing software vulnerabilities that make their way into their publicly-facing applications. The Consortium for Information and Software Quality estimates that the cost of poor software quality in the United States r.....»»
Zero-day exploitation surged in 2023, Google finds
2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImagelO) and drivers (Mali GPU, Qualcomm Adreno GPU), as they can affect multiple products and effectively offer.....»»
Drozer: Open-source Android security assessment framework
Drozer is an open-source security testing framework for Android, whose primary purpose is to make the life of mobile application security testers easier. Drozer features The solution enables the identification of security vulnerabilities in applicati.....»»
BackBox platform update enhances CVE mitigation and risk scoring
After releasing Network Vulnerability Manager (NVM) in Q4 2023, BackBox has announced a major platform feature update that gives customers the ability to mark irrelevant or already-mitigated Common Vulnerabilities and Exposures (CVEs) as “mitig.....»»