July 18, 2024 at 07:45AM Cisco announced software updates for around a dozen vulnerabilities, which included critical-severity bugs in Secure Email Gateway and Smart Software Manager On-Prem. The flaws could allow an attacker to execute arbitrary code, initiate denial-of-service conditions, or access the web UI with compromised user privileges. Cisco also addressed high-severity vulnerabilities in … Read more
April 26, 2024 at 01:46AM Many Chinese keyboard apps, including those from major handset manufacturers, have been found to be leaking keystrokes, leaving potentially three quarters of a billion people at risk. These apps use input method editor (IME) software, such as the Pinyin scheme, which uploads keystrokes to the cloud for processing. Vulnerabilities have … Read more
April 9, 2024 at 04:58PM Researchers at Bitdefender have identified four vulnerabilities in LG webOS, affecting various smart TV models and exposing around 91,000 devices. These bugs include command injection, privilege escalation, and bypass vulnerabilities, tracked as CVE-2023-6317, CVE-2023-6318, CVE-2023-6319, and CVE-2023-6320. LG released security updates after being alerted in November 2023. Users should check … Read more
February 20, 2024 at 06:27AM ConnectWise released software updates to fix critical security flaws in its ScreenConnect remote desktop and access software. The vulnerabilities could enable remote code execution and impact confidential data or critical systems. Users of affected versions are urged to update to version 23.9.8 to mitigate the risk of exploitation. Key Takeaways … Read more
February 6, 2024 at 07:36AM Google announced patches for 46 Android vulnerabilities, including a critical bug (CVE-2024-0031) in the System component, enabling remote code execution. The 2024-02-01 security patch level fixed this flaw and 14 other high-severity defects. A subsequent update on 2024-02-05 addressed 31 high-severity issues in various components. Google also patched seven Pixel … Read more
January 11, 2024 at 04:01AM Cisco has issued software updates to address a critical security flaw (CVE-2024-20272 – CVSS score: 7.3) in Unity Connection, allowing arbitrary file upload and execution of commands. Users are advised to update to patched versions to mitigate potential threats. Additionally, 11 medium-severity vulnerabilities have been resolved across Cisco software. Cisco … Read more
November 17, 2023 at 05:08PM VicOne and Block Harbor have unveiled an integrated workflow-based system for the automotive industry that provides cybersecurity intelligence. The system improves the efficiency of software updates in vehicles and manages growing cybersecurity threats. It allows automakers to quickly assess risks and take appropriate actions. The solution also enables testing of … Read more
November 6, 2023 at 01:00PM QNAP has released security updates to address two critical vulnerabilities in its operating system. The first vulnerability, tracked as CVE-2023-23368, is a command injection bug affecting QTS, QuTS hero, and QuTScloud. The second vulnerability, CVE-2023-23369, is a command injection flaw in QTS, Multimedia Console, and Media Streaming add-on. Users are … Read more
October 24, 2023 at 05:10PM Cybersecurity Awareness Month celebrates its 20th anniversary by promoting the importance of cybersecurity education. The initiative, which began in the US and has now become a global movement, encourages proactive measures and knowledge-sharing to address human risk, which accounts for over 80% of cybersecurity incidents. Microsoft recommends focusing on enabling … Read more
October 13, 2023 at 09:19AM Juniper Networks has released patches for over 30 vulnerabilities in Junos OS and Junos OS Evolved. The most critical flaw is an incorrect default permissions bug that allows unauthorized access and the creation of a backdoor with root privileges. Other vulnerabilities include denial of service (DoS) risks and impacts on … Read more