November 6, 2023 at 01:00PM QNAP has released security updates to address two critical vulnerabilities in its operating system. The first vulnerability, tracked as CVE-2023-23368, is a command injection bug affecting QTS, QuTS hero, and QuTScloud. The second vulnerability, CVE-2023-23369, is a command injection flaw in QTS, Multimedia Console, and Media Streaming add-on. Users are … Read more
November 2, 2023 at 05:30AM The Forum of Incident Response and Security Teams (FIRST) has announced CVSS v4.0, the next generation of the Common Vulnerability Scoring System standard. This update aims to provide a more accurate assessment of vulnerabilities and introduces new metrics for assessment. It also emphasizes that CVSS should not be the sole … Read more
November 1, 2023 at 02:49PM Threat actors are targeting government, technical, and legal organizations globally by exploiting the ‘Citrix Bleed’ vulnerability (CVE-2023-4966) in Citrix NetScaler ADC and Gateway appliances. The attacks have been ongoing since August 2023 and involve credential theft and lateral movement. The attacks are difficult to detect due to limited forensic evidence. … Read more
November 1, 2023 at 10:09AM The cost to hack an iPhone ranges from $0 to $65,000 depending on security updates. Exploiting an individual’s iPhone can cost up to $8 million. Apple’s investment in hardening the iPhone has contributed to the higher cost compared to exploiting software like Adobe Acrobat. Big tech companies have spent significant … Read more
October 26, 2023 at 01:02PM Consumers worldwide are increasingly demanding secure devices that are supported for longer periods, according to a survey by Omdia. Companies like Google and Fairphone are driving this trend, but governments are also stepping in to ensure security and benefit consumer safety and the environment. Longer support periods and frequent security … Read more
October 25, 2023 at 09:19AM The Winter Vivern Russian hacking group has been targeting European government entities and think tanks since at least October 11. They have been exploiting a Roundcube Webmail zero-day vulnerability and using phishing emails to inject arbitrary JavaScript code. The group has also targeted Zimbra and previously exploited vulnerabilities in Roundcube … Read more
October 25, 2023 at 07:03AM VMware has released security updates to fix a critical flaw in the vCenter Server that could allow remote code execution. The vulnerability, tracked as CVE-2023-34048, is an out-of-bounds write issue in the DCE/RPC protocol. The company has urged users to apply the patches without delay as there are no workarounds … Read more