Flaws in Chinese keyboard apps leave 750 million users open to snooping, researchers claim

April 26, 2024 at 01:46AM Many Chinese keyboard apps, including those from major handset manufacturers, have been found to be leaking keystrokes, leaving potentially three quarters of a billion people at risk. These apps use input method editor (IME) software, such as the Pinyin scheme, which uploads keystrokes to the cloud for processing. Vulnerabilities have … Read more

LG Smart TVs at Risk of Attacks, Thanks to 4 OS Vulnerabilities

April 9, 2024 at 04:58PM Researchers at Bitdefender have identified four vulnerabilities in LG webOS, affecting various smart TV models and exposing around 91,000 devices. These bugs include command injection, privilege escalation, and bypass vulnerabilities, tracked as CVE-2023-6317, CVE-2023-6318, CVE-2023-6319, and CVE-2023-6320. LG released security updates after being alerted in November 2023. Users should check … Read more

Critical Flaws Found in ConnectWise ScreenConnect Software – Patch Now

February 20, 2024 at 06:27AM ConnectWise released software updates to fix critical security flaws in its ScreenConnect remote desktop and access software. The vulnerabilities could enable remote code execution and impact confidential data or critical systems. Users of affected versions are urged to update to version 23.9.8 to mitigate the risk of exploitation. Key Takeaways … Read more

Critical Remote Code Execution Vulnerability Patched in Android

February 6, 2024 at 07:36AM Google announced patches for 46 Android vulnerabilities, including a critical bug (CVE-2024-0031) in the System component, enabling remote code execution. The 2024-02-01 security patch level fixed this flaw and 14 other high-severity defects. A subsequent update on 2024-02-05 addressed 31 high-severity issues in various components. Google also patched seven Pixel … Read more

Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software

January 11, 2024 at 04:01AM Cisco has issued software updates to address a critical security flaw (CVE-2024-20272 – CVSS score: 7.3) in Unity Connection, allowing arbitrary file upload and execution of commands. Users are advised to update to patched versions to mitigate potential threats. Additionally, 11 medium-severity vulnerabilities have been resolved across Cisco software. Cisco … Read more

VicOne and Block Harbor Deliver Integrated Workflow-Based Cybersecurity System

November 17, 2023 at 05:08PM VicOne and Block Harbor have unveiled an integrated workflow-based system for the automotive industry that provides cybersecurity intelligence. The system improves the efficiency of software updates in vehicles and manages growing cybersecurity threats. It allows automakers to quickly assess risks and take appropriate actions. The solution also enables testing of … Read more

QNAP Releases Patch for 2 Critical Flaws Threatening Your NAS Devices

November 6, 2023 at 01:00PM QNAP has released security updates to address two critical vulnerabilities in its operating system. The first vulnerability, tracked as CVE-2023-23368, is a command injection bug affecting QTS, QuTS hero, and QuTScloud. The second vulnerability, CVE-2023-23369, is a command injection flaw in QTS, Multimedia Console, and Media Streaming add-on. Users are … Read more

This Cybersecurity Awareness Month, Don’t Lose Sight of Human Risk

October 24, 2023 at 05:10PM Cybersecurity Awareness Month celebrates its 20th anniversary by promoting the importance of cybersecurity education. The initiative, which began in the US and has now become a global movement, encourages proactive measures and knowledge-sharing to address human risk, which accounts for over 80% of cybersecurity incidents. Microsoft recommends focusing on enabling … Read more

Juniper Networks Patches Over 30 Vulnerabilities in Junos OS

October 13, 2023 at 09:19AM Juniper Networks has released patches for over 30 vulnerabilities in Junos OS and Junos OS Evolved. The most critical flaw is an incorrect default permissions bug that allows unauthorized access and the creation of a backdoor with root privileges. Other vulnerabilities include denial of service (DoS) risks and impacts on … Read more