Apple fixes bug that let VoiceOver shout your passwords

October 4, 2024 at 08:05AM Apple has fixed two security bugs in iOS 18.0.1 and iPadOS 18.0.1. One allowed VoiceOver to read a user's saved passwords aloud, a particular risk for visually impaired users who rely on the screen reader. The other affected audio capture on iPhone 16 in iMessage: recording could begin before the indicator showed that it had started. Apple urges users to apply the latest update for … Read more

Big names among thousands infected by payment-card-stealing CosmicSting crooks

October 3, 2024 at 11:49PM The web stores of numerous well-known brands, including Ray-Ban and National Geographic, were targeted by criminals exploiting the CosmicSting flaw in Adobe Commerce and Magento. The vulnerability, CVE-2024-34102, was used to steal shoppers' payment card data. At least seven cybercrime gangs exploited the flaw even after Adobe released a patch. Multiple groups are fighting for control … Read more

‘CloudImposer’ Flaw in Google Cloud Affected Millions of Servers

September 17, 2024 at 11:33AM Google has patched a vulnerability in Google Cloud Platform (GCP) that could have enabled supply chain attacks on customers' cloud servers. Researchers found the flaw, dubbed "CloudImposer," in GCP's Cloud Composer service; it exposed a dependency confusion risk, in which a package resolver can be tricked into fetching an attacker's package from a public index in place of an internal one with the same name. Google addressed the issue by fixing the vulnerable script and updating … Read more
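The dependency confusion mechanism behind CloudImposer, as an added example that is not Google's or Cloud Composer's code: the block below models pip's documented behaviour, in which `--extra-index-url` makes every configured index equally trustworthy and the highest version found on any of them is installed, so a public package squatting an internal name at a higher version wins. Both index catalogues are constructed sample data, and the package names in them are hypothetical.

```python
"""Dependency confusion as a package resolver sees it (added illustration)."""

from typing import Dict, List, Tuple

Catalogue = Dict[str, List[str]]  # package name -> published versions

# Constructed sample: an organisation's private index.
PRIVATE_INDEX: Catalogue = {
    "acme-internal-utils": ["1.2.0", "1.3.0"],
    "acme-billing": ["0.9.1"],
}

# Constructed sample: the public index. An attacker has registered the
# internal name there with an artificially high version number.
PUBLIC_INDEX: Catalogue = {
    "requests": ["2.31.0", "2.32.3"],
    "acme-internal-utils": ["99.0.0"],
}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.10.2' into (1, 10, 2) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def resolve_extra_index(name: str, private: Catalogue, public: Catalogue) -> Tuple[str, str]:
    """Model `pip install NAME --extra-index-url PRIVATE`.

    Both indexes are searched and the best (highest) version wins regardless
    of origin. Returns (version, index_that_supplied_it).
    """
    candidates = []
    for origin, index in (("private", private), ("public", public)):
        for version in index.get(name, []):
            candidates.append((parse_version(version), version, origin))
    if not candidates:
        raise LookupError(f"no index publishes {name!r}")
    _, version, origin = max(candidates)
    return version, origin


def resolve_index_only(name: str, private: Catalogue) -> Tuple[str, str]:
    """Model `pip install NAME --index-url PRIVATE` with no extra index.

    Only the private index is consulted, so a public squat cannot be chosen.
    Pinning versions and hashes (`pip install --require-hashes`) closes the
    remaining gap if the private index itself proxies the public one.
    """
    versions = private.get(name)
    if not versions:
        raise LookupError(f"private index does not publish {name!r}")
    return max(versions, key=parse_version), "private"


def audit_confusable(private: Catalogue, public: Catalogue) -> List[str]:
    """Names published on both indexes where the public copy would win.

    Run this over your private catalogue before trusting `--extra-index-url`.
    """
    flagged = []
    for name, versions in private.items():
        if name not in public:
            continue
        if max(map(parse_version, public[name])) > max(map(parse_version, versions)):
            flagged.append(name)
    return sorted(flagged)


if __name__ == "__main__":
    print("extra-index:", resolve_extra_index("acme-internal-utils", PRIVATE_INDEX, PUBLIC_INDEX))
    print("index-only: ", resolve_index_only("acme-internal-utils", PRIVATE_INDEX))
    print("confusable: ", audit_confusable(PRIVATE_INDEX, PUBLIC_INDEX))
```

The practical check is `audit_confusable`: any internal name that also resolves on the public index is a candidate for hijack, and the fix is to stop using `--extra-index-url` (use a single `--index-url` that proxies the public index under your control) and to pin hashes.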

Apache fixes critical OFBiz remote code execution vulnerability

September 5, 2024 at 05:35PM Apache has fixed a critical security vulnerability in its OFBiz software that allowed attackers to execute arbitrary code on Linux and Windows servers. The flaw, tracked as CVE-2024-45195 and discovered by Rapid7, is a remote code execution issue rooted in a forced browsing weakness, in which restricted functionality can be reached simply by requesting it directly. Users are urged to upgrade to … Read more

Intel’s Software Guard Extensions broken? Don’t panic

August 27, 2024 at 04:11PM A vulnerability in Intel's SGX has been highlighted that could give an attacker full access to secure enclaves, reportedly because of a coding error. Intel says exploitation requires physical access and chaining previously known vulnerabilities, but the risk remains significant. The issue lies in the SGX software and could compromise trusted enclaves. This poses a … Read more

Patch Now: Second SolarWinds Critical Bug in Web Help Desk

August 23, 2024 at 03:00PM SolarWinds has released a patch for a second critical vulnerability in its Web Help Desk software: hardcoded credentials that could let remote attackers modify data. The patch also addresses an earlier Java deserialization issue. Customers are urged to update immediately to mitigate exploitation by threat actors. Based … Read more

Critical Apache OFBiz Vulnerability Allows Preauth RCE

August 5, 2024 at 03:25PM A critical RCE vulnerability (CVE-2024-38856) in Apache OFBiz carries a CVSS score of 9.8. Threat actors could exploit it without authentication to reach critical endpoints, potentially leading to data theft and lateral movement across the network. Admins are advised to upgrade to version 18.12.15 or newer to mitigate … Read more

Ransomware gangs are loving this dumb but deadly make-me-admin ESXi vulnerability

July 30, 2024 at 07:22AM Recent Microsoft reporting is a caution against joining VMware ESXi hypervisors to Active Directory, owing to a newly patched vulnerability, CVE-2024-37085: a domain-joined ESXi host grants full administrative rights to members of an AD group named "ESX Admins" by default, so an attacker who can create that group and add an account to it gains full control of the hypervisor, enabling data theft, network disruption, or ransomware deployment. Patches are available, and enhanced credential … Read more
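A detection check for the "ESX Admins" trick, as an added example that is not Microsoft's or VMware's code: the block scans Windows Security events for the creation of a group with that name, a rename to it, or a member being added to it, which is the activity to hunt for on any domain that still has ESXi hosts joined. The event lines are constructed samples in a flattened key=value form, not a real export, and the field names are assumed; adapt `parse_event()` to your SIEM's schema. It watches the global-group event IDs only; add the universal-group equivalents for full coverage.

```python
"""Hunting for 'ESX Admins' group manipulation in Windows Security logs (added example)."""

import re
from typing import Dict, List

# ESXi looks for a group literally named 'ESX Admins'; matching
# case-insensitively here is a conservative detection choice, not a claim
# about how ESXi itself compares the name.
TARGET_GROUP = "esx admins"

# Windows Security event IDs relevant to domain global-group manipulation:
# 4727 = security-enabled global group created
# 4737 = security-enabled global group changed (catches renames)
# 4728 = member added to a security-enabled global group
WATCHED_EVENTS = {
    "4727": "group created",
    "4737": "group changed",
    "4728": "member added",
}

# Constructed sample events (assumed key=value layout, not a real export).
SAMPLE_EVENTS = [
    "EventID=4727 TargetUserName=Finance-Readers SubjectUserName=alice",
    "EventID=4727 TargetUserName=ESX Admins SubjectUserName=svc-backup",
    "EventID=4728 TargetUserName=ESX Admins MemberName=CN=svc-backup,OU=Service,DC=corp,DC=local SubjectUserName=svc-backup",
    "EventID=4737 TargetUserName=esx admins SubjectUserName=mallory",
    "EventID=4624 TargetUserName=bob SubjectUserName=-",
]

# key=value pairs; a value runs until the next ' key=' token or end of line,
# so values containing spaces, commas or '=' (distinguished names) survive.
FIELD = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def parse_event(line: str) -> Dict[str, str]:
    """Split one flattened event line into a field dictionary."""
    return dict(FIELD.findall(line))


def find_esx_admins_activity(lines: List[str]) -> List[Dict[str, str]]:
    """Return one finding per watched event that touches the ESX Admins group."""
    findings = []
    for line in lines:
        event = parse_event(line)
        event_id = event.get("EventID", "")
        group = event.get("TargetUserName", "").strip().lower()
        if event_id in WATCHED_EVENTS and group == TARGET_GROUP:
            findings.append({
                "event": WATCHED_EVENTS[event_id],
                "actor": event.get("SubjectUserName", "?"),
                "member": event.get("MemberName", ""),
            })
    return findings


if __name__ == "__main__":
    for finding in find_esx_admins_activity(SAMPLE_EVENTS):
        print(finding)
```

Any hit is worth an immediate look, since there is no legitimate reason for that group to appear on a domain that did not already have it; the actor field tells you whose credentials to suspend first.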

Big Tech’s eventual response to my LLM-crasher bug report was dire

July 10, 2024 at 03:29AM After The Register's columnist wrote about discovering a bug, they received a flood of emails requesting its details. They brushed off most of these requests but engaged with the genuine inquiries. Microsoft initially dismissed the bug, then reopened its investigation. The bug's impact on AI chatbots remains unclear, highlighting the lack … Read more

Signal Foundation Warns Against EU’s Plan to Scan Private Messages for CSAM

June 18, 2024 at 12:30PM Meredith Whittaker, president of the Signal Foundation, has come out strongly against the European Union's proposal to mass-scan private messages for child sexual abuse material (CSAM). The proposal threatens end-to-end encryption (E2EE) and has reignited the debate over balancing privacy against combating serious crime. Apple's previous plan for … Read more