
Zyxel silently patches command injection vulnerability with 9.8 severity rating

Flaw makes it possible to install web shell to maintain control of affected devices. Hardware manufacturer Zyxel quietly released an update fixing a critical vulnerability that gives hackers the ability.....»»

Category: top | Source: arstechnica | May 12th, 2022

Third-party risk management is under the spotlight

In the aftermath of the CrowdStrike IT outage, new research has uncovered a critical vulnerability within financial institutions regarding supply chain resilience. The outage has demonstrated the need for greater digital supply chain resilience, part.....»»

Category: security | Source: netsecurity | Aug 29th, 2024

Unpatchable 0-day in surveillance cam is being exploited to install Mirai

Vulnerability is easy to exploit and allows attackers to remotely execute commands. Malicious hackers are exploiting a critical vulnerability in a widely used security camera to spread Mira.....»»

Category: top | Source: arstechnica | Aug 28th, 2024

Dragos Platform updates streamline OT threat and vulnerability workflows

Dragos announced the latest release of the Dragos Platform, an OT network visibility and cybersecurity platform. The updates provide industrial and critical infrastructure organizations with even deeper and enriched visibility into all assets in thei.....»»

Category: security | Source: netsecurity | Aug 28th, 2024

Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)

Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting known static credentials (CVE-2024-6633). “Once logged in to the HSQLDB,.....»»

Category: security | Source: netsecurity | Aug 28th, 2024

APT group exploits WPS Office for Windows RCE vulnerability (CVE-2024-7262)

ESET researchers discovered a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262). APT-C-60, a South Korea-aligned cyberespionage group, was exploiting it to target East Asian countries. When examining the root cause, ESET d.....»»

Category: security | Source: netsecurity | Aug 28th, 2024

There’s a scary new way to undo Windows security patches

A security researcher has released a new tool that can unpatch your Windows computer and expose it to old vulnerabilities......»»

Category: top | Source: digitaltrends | Aug 27th, 2024

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)

Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed VersaMem by the researchers. The malware harvests credentia.....»»

Category: security | Source: netsecurity | Aug 27th, 2024

Hackers infect ISPs with malware that steals customers’ credentials

Zero-day that was exploited since June to infect ISPs finally gets fixed. Malicious hackers likely working on behalf of the Chinese government have been exploiting a high-severity zero-day.....»»

Category: top | Source: arstechnica | Aug 27th, 2024

SonicWall patches critical firewall security flaw

The bug allowed for unauthorized resource access, SonicWall said......»»

Category: top | Source: marketingvox | Aug 27th, 2024

SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766)

SonicWall has patched a critical vulnerability (CVE-2024-40766) in its next-gen firewalls that could allow remote attackers unauthorized access to resources and, in specific conditions, to crash the appliances. About CVE-2024-40766 CVE-2024-40766 is.....»»

Category: security | Source: netsecurity | Aug 26th, 2024

Nuclei: Open-source vulnerability scanner

Nuclei is a fast and customizable open-source vulnerability scanner powered by YAML-based templates. With its flexible templating system, Nuclei can be adapted to perform various security checks. It can send requests to multiple targets using customi.....»»

Category: security | Source: netsecurity | Aug 26th, 2024

Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)

A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw (CVE-2024-28987) in the company’s IT help desk solution has been pushed o.....»»

Category: security | Source: netsecurity | Aug 23rd, 2024

Vulnerability prioritization is only the beginning

To date, most technology solutions focused on vulnerability management have focused on the prioritization of risks. That usually took the shape of some risk-ranking structure displayed in a table with links out to the CVEs and other advisory or threa.....»»

Category: security | Source: netsecurity | Aug 23rd, 2024

Sennheiser Accentum headphones, already a bargain, are $48 off today

The Sennheiser Accentum wireless headphones, which we gave a rating of 9 out of 10 stars, is on sale for an extremely affordable price of $132 from Walmart......»»

Category: top | Source: digitaltrends | Aug 23rd, 2024

Slack patches potential AI security issue

A new report suggested that Slack's AI implementation was getting access to personal data......»»

Category: top | Source: digitaltrends | Aug 23rd, 2024

Nintendo’s new M-rated murder mystery already has me hooked

Emio — The Smiling Man may not be as mature as its rating implies, but we're already enthralled by Nintendo's surprising serial killer mystery......»»

Category: top | Source: digitaltrends | Aug 23rd, 2024

Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)

A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents. The issue, reported via the GitHub Bug Bounty pro.....»»

Category: security | Source: netsecurity | Aug 22nd, 2024

New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971)

A new Chrome zero-day vulnerability (CVE-2024-7971) exploited by attackers in the wild has been fixed by Google. About CVE-2024-7971 CVE-2024-7971 is a high-severity vulnerability caused by a type confusion weakness in V8, the open-source JavaScript.....»»

Category: security | Source: netsecurity | Aug 22nd, 2024

We gave the Legion 9i a 10 out of 10 — it’s $900 off today

The Lenovo Legion 9i gaming laptop, which we've given a 10 out of 10 rating, is available from Lenovo with a $903 discount that drops its price to only $3,357......»»

Category: top | Source: digitaltrends | Aug 21st, 2024

The Jackbox Naughty Pack isn’t as scandalous as its M-rating suggests

The Jackbox Naughty Pack may be M-rated, but it's not quite as explicit as you might be expecting......»»

Category: top | Source: digitaltrends | Aug 21st, 2024