Zyxel silently patches command injection vulnerability with 9.8 severity rating
Flaw makes it possible to install web shell to maintain control of affected devices. Enlarge (credit: Zyxel) Hardware manufacturer Zyxel quietly released an update fixing a critical vulnerability that gives hackers the ability.....»»
Tech stack uniformity has become a systemic vulnerability
Crashes due to faulty updates are nothing new; in fact, one reason IT teams often delay updates is their unreliability and tendency to disrupt the organization’s day-to-day operations. Zero-days are also an old phenomenon. In the past, due to a lac.....»»
Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)
CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and reported by Code WHite researcher Florian Hauser, the vulnerability can be leveraged fo.....»»
Week in review: Vulnerability allows Yubico security keys cloning, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Vulnerability allows Yubico security keys to be cloned Researchers have unearthed a cryptographic vulnerability in popular Yubico (FIDO) hardware se.....»»
Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)
For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to unauthenticated remote code execution. About CVE-2024-45195 Apache OFBiz is an.....»»
Hijacking the command center of the cell: Nuclear parasites in deep-sea mussels
Most animals live in intimate relationships with bacteria. Some of these bacteria live inside the cells of their hosts, but only very few are able to live inside cell organelles (structures inside the cell, like organs in the body). One group of bact.....»»
AMD’s new CPU could silently replace the Ryzen 7 7800X3D
The latest addition to AMD's Zen 4 lineup is a Micro Center exclusive. Here's how it performs in benchmarks......»»
This new Lenovo laptop opens and contorts itself with a voice command
Lenovo has unveiled an experimental laptop that can twist fully around and is activated by just your voice......»»
Binarly Transparency Platform 2.5 identifies critical vulnerabilities before they can be exploited
Binarly announced Binarly Transparency Platform 2.5 with several features designed to enhance software vulnerability management and improve security posture across enterprise environments. The key highlight of this release is the innovative Reachabil.....»»
Ukrainian drones now spray 2,500° C thermite streams right into Russian trenches
Mechanical dragons now deliver fire on command. Enlarge Wars of necessity spawn weapons innovation as each side tries to counter the other's tactics and punch through defenses. For instance—as the Russian invasion of.....»»
Zyxel warns of vulnerabilities in a wide range of its products
Most serious vulnerabilities carry severity ratings of 9.8 and 8.1 out of a possible 10. Enlarge (credit: Getty Images) Networking hardware-maker Zyxel is warning of nearly a dozen vulnerabilities in a wide array of its.....»»
trackd AutoPilot leverages historical patch disruption data
trackd has released a powerful rules engine that uses its patch disruption data to enable auto-patching with confidence, and based on actual data. “There’s only one reason that vulnerability management exists as a discipline in cyber secu.....»»
Business routers vulnerable to OS command injection attack
Zyxel fixes a 9.8-severity vulnerability in multiple endpoints......»»
Vulnerability allows Yubico security keys to be cloned
Researchers have unearthed a cryptographic vulnerability in popular Yubico (FIDO) hardware security keys and modules that may allow attackers to clone the devices. But the news is not as catastrophic as it may seem at first glance. “The attacke.....»»
Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261)
Zyxel has patched a myriad of vulnerabilities in its various networking devices, including a critical one (CVE-2024-7261) that may allow unauthenticated attackers to execute OS commands on many Zyxel access points (APs) and security routers by sendin.....»»
A Rare Coincidence of La Niña Events Will Weaken Hurricane Season
The oceans have produced a rare coincidence of the Pacific and Atlantic Niñas, which will lessen the severity of the hurricane season—though 2024 still remains a highly active year......»»
City of Columbus sues man after he discloses severity of ransomware attack
Mayor said data was unusable to criminals; researcher proved otherwise. Enlarge (credit: Getty Images) A judge in Ohio has issued a temporary restraining order against a security researcher who presented evidence that a.....»»
Study reveals key strategies to combat urban heat vulnerability
A QUT study analyzing five decades of research and thousands of studies has identified five critical areas needed to tackle urban heat vulnerability (UHV), a growing issue impacting millions in increasingly heat-prone cities......»»
Eli Lilly raises price of Zepbound while trumpeting discount on starter vials
Cost for insured patients without coverage for the drug rises from $550 to $650 a month. Enlarge / An Eli Lilly & Co. Zepbound injection pen arranged in the Brooklyn borough of New York, US, on Thursday, March 28, 2024. (credit:.....»»
Space Command chief says dialogue with China is too often a one-way street
"We all should operate with due regard and in a professional manner." Enlarge / Gen. Stephen Whiting, commander of US Space Command, speaks earlier this year at Peterson Space Force Base, Colorado. (credit: USSPACECOM photo by Jo.....»»
RISCPoint RADAR provides real-time vulnerability detection across multiple attack surfaces
RISCPoint Advisory Group launched RADAR, an all-in-one cybersecurity platform. Combining continuous threat discovery with expert-led Penetration Testing as a Service (PTaaS), RADAR represents a significant leap forward in proactive security and risk.....»»