June 20, 2024 at 10:58AM Cybersecurity researchers have disclosed a now-patched security flaw in Phoenix SecureCore UEFI firmware affecting multiple Intel Core processor families. Tracked as CVE-2024-0762 with a CVSS score of 7.5, the “UEFIcanhazbufferoverflow” vulnerability allowed a local attacker to execute malicious code within the firmware, impacting devices using Phoenix SecureCore firmware on select … Read more
June 17, 2024 at 11:00AM ASUS has released software updates to address critical security flaws in its routers, including an authentication bypass vulnerability (CVE-2024-3080) with a high CVSS score of 9.8 and a buffer overflow flaw (CVE-2024-3079). These vulnerabilities could allow remote attackers to execute arbitrary commands on specific router models. Users are advised to … Read more
April 30, 2024 at 10:47AM Summary: The vulnerability report concerns Delta Electronics’ CNCSoft-G2 software, where a stack-based buffer overflow could lead to arbitrary code execution. Versions 2.0.0.5 and prior are affected. The report includes mitigation measures, a risk evaluation, affected products, technical details, and background information. CVE-2024-4192 has been assigned to this vulnerability. From the … Read more
February 6, 2024 at 09:00AM Canon announced software updates to patch seven critical vulnerabilities impacting small office printer models. These buffer overflow bugs can be exploited for remote code execution or to cause unresponsiveness. The flaws, with a CVSS score of 9.8, affect various printer components and specific models globally. Customers are advised to install … Read more
November 6, 2023 at 06:02PM Researchers are warning about an exploit for the “Looney Tunables” vulnerability that is being used by the Kinsing cybercrime group to gain root privileges on Linux systems. This represents a change in tactics for the group, as they typically focus on automated attacks for cryptojacking. The exploit allows the attackers … Read more