Vulnerabilities in Supermicro BMCs could allow for unkillable server rootkits
With the ability to manage huge fleets of servers, BMCs are ideal places to stash malware. Enlarge (credit: Getty Images) If your organization uses servers that are equipped with baseboard management controllers from Sup.....»»
Researchers propose inexpensive 2.2-kilometer telescope that could make exoplanet movies
Can a kilometer-scale telescope help conduct more efficient science, and specifically for the field of optical interferometry? This is what a study recently posted to the preprint server arXiv hopes to address......»»
Adversaries love bots, short-lived IP addresses, out-of-band domains
Fastly found 91% of cyberattacks – up from 69% in 2023 – targeted multiple customers using mass scanning techniques to uncover and exploit software vulnerabilities, revealing an alarming trend in attacks spreading across a broader target base. In.....»»
GitHub Enterprise Server has a critical security flaw, so patch now
A newly discovered security flaw allows hackers to elevate their privileges and thus take over vulnerable endpoints......»»
Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)
A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents. The issue, reported via the GitHub Bug Bounty pro.....»»
Astronomers explore the nature of galaxy NGC 891 with JWST
Using the James Webb Space Telescope (JWST), an international team of astronomers has observed a nearby spiral galaxy known as NGC 891. Results of the observational campaign, published August 15 on the preprint server arXiv, provide more insights int.....»»
Astronomers explore the properties of quasar 1604+159
Chinese astronomers have conducted multi-frequency polarimetric observations of a quasar known as 1604+159. Results of the observational campaign, published August 13 on the pre-print server arXiv, shed more light on the properties of this quasar, in.....»»
Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera
Vulnerabilities in popular Microsoft apps for macOS can be abused by attackers to record video and audio clips, take pictures, access and exfiltrate data and send emails, Cisco Talos researchers have discovered. Library injection vulnerabilities in M.....»»
Microsoft cracks down on Windows 11 upgrade requirements
The latest Insider Build of Windows 11 has patched the "/product server" workaround that let old CPU users easily bypass the system requirements check......»»
Observations investigate the connection of a supernova remnant with a nearby H II region
Chinese astronomers have performed multi-wavelength observations of a galactic supernova remnant known as HB9. Results of the observational campaign, published August 9 on the preprint server arXiv, shed more light on the remnant's properties and its.....»»
Security flaws in Microsoft Mac apps could let attackers spy on users
Cisco Talos recently uncovered security vulnerabilities in several Microsoft apps for macOS that can potentially let attackers spy on your camera and other system components.Security flaws found in Microsoft apps for MacTalos claims to have found eig.....»»
Common API security issues: From exposed secrets to unauthorized access
Despite their role in connecting applications and driving innovation, APIs often suffer from serious security vulnerabilities. Recent investigations reveal that many organizations are struggling with exposed secrets such as passwords and API keys, wh.....»»
Critical Start helps organizations reduce cyber risk from vulnerabilities
Critical Start announced Critical Start Vulnerability Management Service (VMS) and Vulnerability Prioritization. These new offerings are a foundational pillar of Managed Cyber Risk Reduction, allowing organizations to assess, manage, prioritize, and.....»»
Understanding Apple"s on-device and server foundation models
Apple announced new AI language models at WWDC. These models run both locally on Apple devices and on Apple's own Apple Silicon-powered AI servers.Siri icon in a datacenterArtificial Intelligence (AI) relies on language models which provide knowledge.....»»
Microsoft fixes 6 zero-days under active attack
August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under attack CVE-2024-38178 is a Scripting Engine Memor.....»»
Apple hasn’t yet fulfilled this macOS promise from four years ago
Shortly after the release of macOS Big Sur back in 2020, Apple faced widespread server outages. The outage affected macOS installations, iMessage, Apple Pay, and most notably: the notarization service. This meant that users had major issues opening a.....»»
Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218)
Two vulnerabilities (CVE-2024-42219, CVE-2024-42218) affecting the macOS version of the popular 1Password password manager could allow malware to steal secrets stored in the software’s vaults and obtain the account unlock key, AgileBits has con.....»»
Malware-as-a-Service and Ransomware-as-a-Service lower barriers for cybercriminals
The sophistication of cyber threats has escalated dramatically, with malicious actors’ deploying advanced tactics, techniques, and procedures (TTPs) to exploit vulnerabilities and evade detection, according to Darktrace. Subscription-based tools su.....»»
This Windows Update exploit is downright terrifying
A new tool called Windows Downdate can trick your PC into thinking that it's fully patched, all the while exposing you to dangerous vulnerabilities......»»
5G network flaws could be abused to let hackers spy on your phone
Researchers have developed a tool to sniff out 5G vulnerabilities, and even gain access to a victim's device......»»
“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days
A researcher has developed a downgrade attack that can make Windows machines covertly, persistently and irreversibly vulnerable, even if they were fully patched before that. A downgrade attack exploiting the Windows Update process The direction of Sa.....»»