Zyxel silently patches command injection vulnerability with 9.8 severity rating
Flaw makes it possible to install web shell to maintain control of affected devices. Enlarge (credit: Zyxel) Hardware manufacturer Zyxel quietly released an update fixing a critical vulnerability that gives hackers the ability.....»»
Nio secures $1.9 billion injection from parent, shareholders
A cash burn has triggered analysts’ concerns, and Nio, which has never been profitable, reported a 4.5 billion yuan second-quarter loss, though sales surged to 17.5 billion yuan......»»
Arc Browser had a ‘serious’ security vulnerability, here’s how they’re addressing it
Back in late August, The Browser Company – the company behind the popular Mac browser Arc, became aware of a serious security vulnerability in the browser, one that could allow for remote code execution on other users computer with no direct intera.....»»
Climate change accelerates vulnerability and loss of resilience of a key species for the Mediterranean ecosystem: Study
A study by the University of Barcelona has analyzed the ability of red gorgonians (Paramuricea clavata), a key species for the Mediterranean marine ecosystem, to resist and recover after marine heat waves......»»
Model predicts 2024 tick cases in Australian pets
For the first time, University of Queensland scientists have been able to make a prediction about the severity of upcoming tick seasons to help vet surgeries and pet owners prepare......»»
Car software patches are over 20% of recalls, study finds
How automotive recalls are handled has shifted over time. Enlarge (credit: Getty Images) Software fixes are now responsible for more than 1 in 5 automotive recalls. That's the key finding from a decade's worth of Nationa.....»»
Arc Browser had a ‘serious’ security vulnerability last month, now patched
Back in late August, The Browser Company – the company behind the popular Mac browser Arc, became aware of a serious security vulnerability in the browser, one that could allow for remote code execution on other users computer with no direct intera.....»»
Apache HugeGraph-Server flaw actively exploited, CISA warns
The vulnerability has been patched months ago, but now federal agencies have a deadline to patch......»»
Real-time Linux is officially part of the kernel after decades of debate
Now you can run your space laser or audio production without specialty patches. Enlarge / Cutting metal with lasers is hard, but even harder when you don't know the worst-case timings of your code. (credit: Getty Images).....»»
Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)
Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged Passwords (SPP), which could allow attackers to gain full administrative access t.....»»
Antioxidant carbon dot nanozymes alleviate depression in rats by restoring the gut microbiome
Depression is a significant challenge to diagnose and treat. Among the factors influencing depression onset and severity, there is growing evidence for chemical imbalances that generate oxidative stress throughout the body. To address this problem, r.....»»
Rapid7 launches Vector Command for continuous red teaming and security gap identification
Rapid7 has unveiled Vector Command, a fully-managed offensive security service. Vector Command combines the external attack surface assessment capabilities of Rapid7’s recently launched Command Platform with continuous Red Teaming services by its i.....»»
Are white patches on whale shark skin cause for concern?
Marine scientists have been taking samples from whale shark skin to try and determine the effect of pollutants on whale health......»»
Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)
CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack chain relating to CVE-2024-38112, prior.....»»
EchoStrike: Generate undetectable reverse shells, perform process injection
EchoStrike is an open-source tool designed to generate undetectable reverse shells and execute process injection on Windows systems. “EchoStrike allows you to generate binaries that, when executed, create an undetectable RevShell, which can be.....»»
Week in review: Veeam Backup & Replication RCE could soon be exploited, Microsoft fixes 4 0-days
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711) CVE-2024-40711, a critical vulnerability affecting Ve.....»»
Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847)
Ivanti has fixed a slew of vulnerabilities affecting its Endpoint Manager solution, including a maximum severity one (CVE-2024-29847) that may allow unauthenticated attackers to remotely execute code in the context of the vulnerable system, and use i.....»»
Tenable AI Aware provides exposure insight into AI applications, libraries and plugins
Tenable released AI Aware, advanced detection capabilities designed to surface artificial intelligence solutions, vulnerabilities and weaknesses available in Tenable Vulnerability Management. Tenable AI Aware provides exposure insight into AI applica.....»»
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting SonicWall’s firewalls – to its Known Exploited Vulnerabilities catalog, thus.....»»
Adaptiva enables users to instantly control patch rollouts
Adaptiva launched Flex Controls in OneSite Patch, which give users advanced management capabilities over their patch deployment processes, including the ability to immediately pause or cancel patch rollouts as well as rollback patches to previous ver.....»»
Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)
Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability (CVE-2024-6342). About CVE-2024-6342 Zyxel NAS devices are generally used by small to med.....»»