Researchers claim Windows Defender can be fooled into deleting databases

April 22, 2024 at 12:33AM SafeBreach researchers at Black Hat Asia revealed flaws in Microsoft and Kaspersky security products, allowing remote file deletion even after patching. By implanting malware signatures into legitimate files, attackers could trigger the deletion. Though patches were issued, researchers bypassed them and reported further vulnerabilities, emphasizing the complexity of fixing remote …

Oracle Patches 230 Vulnerabilities With April 2024 CPU

April 17, 2024 at 07:19AM Oracle released 441 new security patches in April 2024, with over 200 addressing flaws exploitable by remote, unauthenticated attackers. Oracle Communications received the most patches (93), followed by Fusion Middleware (51) and Financial Services Applications (49). Additionally, separate fixes were released for vulnerabilities affecting multiple applications. Customers are advised to …

Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included

April 10, 2024 at 01:21AM In April 2024, Microsoft released security updates addressing 149 flaws, including two actively exploited vulnerabilities. The flaws range in severity, with three critical, 142 important, three moderate, and one low. Two actively exploited flaws allow attackers to bypass security features. Additionally, other security updates were released by different vendors during …

Got an unpatched LG ‘smart’ television? It could be watching you back

April 9, 2024 at 02:09PM Multiple bugs in LG’s WebOS on smart TVs permit attackers to gain root access and control the device. Bitdefender Labs identified four vulnerabilities, affecting WebOS versions 4-7, with CVSS ratings of up to 9.1. These flaws enable account creation and command execution, a PIN/prompt bypass, and manipulation of the music-lyrics …

Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure

April 4, 2024 at 12:57AM Ivanti has released security updates to fix four flaws affecting Connect Secure and Policy Secure Gateways. These flaws could lead to code execution and denial-of-service attacks. The vulnerabilities include heap overflow, null pointer dereference, and XML entity expansion issues. Ivanti has been addressing security flaws and is working on improving …

3 million doors open to uninvited guests in keycard exploit

March 22, 2024 at 01:10PM Vulnerabilities in Saflok keycard locks, affecting 3 million hotel locks globally, allow intruders to access locked rooms. The exploit requires access to a valid keycard, enabling attackers to create and rewrite data on the lock. The manufacturer is working on a fix, but upgrades are slow. Guests can verify updates with MIFARE …

Unsaflok flaw can let hackers unlock millions of hotel doors

March 21, 2024 at 02:19PM Researchers discovered a series of vulnerabilities, called “Unsaflok,” in Saflok electronic RFID locks deployed in 13,000 properties worldwide, impacting 3 million doors. The flaws allow attackers to unlock any door using forged keycards, posing a serious security risk. Dormakaba is working on mitigations, but the process is complex and time-consuming. …

Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability

March 21, 2024 at 12:48AM Ivanti has disclosed a critical remote code execution flaw, CVE-2023-41724, in Standalone Sentry with a CVSS score of 9.6. All supported versions are affected, and patches are available for download. The company credited security experts and mentioned that no customers are known to be affected. Other security flaws in Ivanti …

Third-Party ChatGPT Plugins Could Lead to Account Takeovers

March 15, 2024 at 08:15AM Third-party plugins for OpenAI ChatGPT pose a security risk, allowing attackers to gain unauthorized access to sensitive data. Vulnerabilities in ChatGPT and its ecosystem enable the installation of malicious plugins without consent, potentially leading to hijacked accounts on third-party websites. Additionally, a side-channel attack method has been discovered, which can …

Fortinet Warns of Yet Another Critical RCE Flaw

March 14, 2024 at 04:35PM CVE-2024-48788, a recent Fortinet flaw, is expected to be a prime target, particularly for nation-state sponsored actors, due to its similarity to other vulnerabilities. …