Summary

Top Articles:

  • MacOS Zero-Day Allows Trusted Apps to Run Malicious Code
  • Billions of Devices Open to Wi-Fi Eavesdropping Attacks
  • Ad blocker firms rush to fix security bug
  • Linux Kernel Flaw Allows Remote Code-Execution
  • Google Titan Security Key Recalled After Bluetooth Pairing Bug
  • FDA Warns of Potentially Fatal Flaws in Medtronic Insulin Pumps
  • Intel NUC Firmware Open to Privilege Escalation, DoS and Information Disclosure
  • Google patches “in-the-wild” Chrome zero-day – update now!
  • Critical Intel Flaws Fixed in Active Management Technology
  • Shitrix: Hackers target unpatched Citrix systems over weekend

TikTok vulnerability could have allowed hijackers to take over accounts

Published: 2022-09-01 12:00:00

Popularity: 18

Author: None

Keywords:

  • News
  • Exploit
  • vulnerability
  • Tik-Tok
  • Microsoft
  • JavaScript
  • 🤖: "TikTok hijacked"

    We take a look at a TikTok exploit discovered by Microsoft and passed on to the social media giant to have fixed. The post TikTok vulnerability could have allowed hijackers to take over accounts appeared first on Malwarebytes Labs.

    Google patches “in-the-wild” Chrome zero-day – update now!

    Published: 2022-07-05 15:55:14

    Popularity: 162

    Author: Paul Ducklin

    Keywords:

  • Google
  • Google Chrome
  • Vulnerability
  • 0 day
  • chrome
  • CVE-2022-2294
  • vulnerability
  • zero-day
  • Zero Day

    Running Chrome? Do the "Help-About-Update" dance move right now, just to be sure...

    Big bad decryption bug in OpenSSL – but no cause for alarm

    Published: 2021-08-27 01:03:21

    Popularity: 44

    Author: Paul Ducklin

    Keywords:

  • Cryptography
  • Uncategorized
  • Vulnerability
  • buffer overflow
  • CVE-2021-3711
  • CVE-2021-3712
  • openssl
  • vulnerability

    The buggy code's in there, alright. Fortunately, it's hard to get OpenSSL to use it even if you want to, which mitigates the risk.

    Critical Intel Flaws Fixed in Active Management Technology

    Published: 2020-06-10 18:37:53

    Popularity: 138

    Author: Lindsey O'Donnell

    Keywords:

  • Vulnerabilities
  • critical flaw
  • Intel
  • Intel AMT
  • Intel Security
  • intel security update
  • Security
  • vulnerability

    Two critical flaws in Intel AMT, which could enable privilege escalation, were patched along with 20 other bugs in its June security update.

    Your “smart” household appliance might have a short lifespan

    Published: 2020-06-08 19:34:45

    Popularity: 26

    Author: Graham Cluley

    Keywords:

  • Botnet
  • Guest blog
  • Security threats
  • Vulnerability
  • botnet
  • IoT
  • vulnerability

    Are you itching for an internet fridge? Hankering for a smart washing machine? Thirsting for an IoT-enabled thermostat? Well, think twice before you make a potentially costly mistake when deciding what appliance you will next be purchasing for your home. Read more in my article on the Bitdefender BOX blog.

    Billions of Devices Open to Wi-Fi Eavesdropping Attacks

    The Kr00k bug arises from an all-zero encryption key in Wi-Fi chips that reveals communications from devices from Amazon, Apple, Google, Samsung and others.


    Webex flaw allowed anyone to join private online meetings – no password required

    Published: 2020-01-26 13:13:09

    Popularity: 93

    Author: Graham Cluley

    Keywords:

  • Privacy
  • Vulnerability
  • Cisco
  • vulnerability
  • WebEx

    Cisco, the makers of Webex, had warned users of the online conferencing service that a vulnerability allowed unauthorised remote users to listen in on private online meetings – without having to enter a password.

    Shitrix: Hackers target unpatched Citrix systems over weekend

    Published: 2020-01-13 12:14:18

    Popularity: 137

    Author: Graham Cluley

    Keywords:

  • Malware
  • Vulnerability
  • citrix
  • Shitrix
  • vulnerability

    Over the last few days hackers have made multiple attempts to exploit a critical vulnerability found in Citrix technology, used by tens of thousands of businesses worldwide. Take action to protect your systems now before the exploit hits you in the face.

    Security researcher arrested after data on every adult in Bulgaria hacked from government site

    Published: 2019-07-18 07:58:06

    Popularity: 105

    Author: Graham Cluley

    Keywords:

  • Data loss
  • Law & order
  • Privacy
  • Vulnerability
  • bulgaria
  • data breach
  • vulnerability

    Police in Bulgaria have arrested a 20-year-old man after a hack against the Bulgarian tax authority, known as the National Revenue Agency (NRA), which saw data on every single adult living in Bulgaria stolen, and offered to the media.

    FDA Warns of Potentially Fatal Flaws in Medtronic Insulin Pumps

    The FDA sent out an urgent advisory warning of serious flaws in Medtronic's insulin pumps, which are used by thousands across the U.S.


    Intel NUC Firmware Open to Privilege Escalation, DoS and Information Disclosure

    Published: 2019-06-12 13:25:43

    Popularity: 168

    Author: Lindsey O'Donnell

    Keywords:

  • Vulnerabilities
  • high severity flaw
  • Intel
  • intel nuc
  • Intel Patch
  • mini PC
  • Next Unit of Computing
  • NUC
  • vulnerability

    Intel has patched seven high-severity vulnerabilities in its mini PC NUC kit firmware.

    MacOS Zero-Day Allows Trusted Apps to Run Malicious Code

    Published: 2019-06-03 12:28:42

    Popularity: 1233

    Author: Tom Spring

    Keywords:

  • Hacks
  • Privacy
  • Vulnerabilities
  • apple
  • macOS
  • Mojave
  • Patrick Wardle
  • security bypass
  • synthetic mouse clicks
  • vulnerability
  • zero-day

    Apple 0-Day allows hackers to mimic mouse-clicks to allow malicious behavior on macOS Mojave, despite mitigations.

    Linux Kernel Flaw Allows Remote Code-Execution

    Published: 2019-05-14 15:21:17

    Popularity: 362

    Author: Tara Seals

    Keywords:

  • Vulnerabilities
  • CVE-2019-11815
  • Kernel
  • Linux
  • race condition
  • remote code execution
  • use-after-free
  • vulnerability

    The bug is remotely exploitable without authentication or user interaction.

    Google Titan Security Key Recalled After Bluetooth Pairing Bug

    Published: 2019-05-15 20:01:32

    Popularity: 331

    Author: Lindsey O'Donnell

    Keywords:

  • Hacks
  • Vulnerabilities
  • Bluetooth
  • google
  • google recall
  • pairing protocol
  • Security Key
  • titan security keys
  • vulnerability

    Google is offering free replacements for its Titan Security Key after discovering a misconfiguration in its pairing protocols.

    Ad blocker firms rush to fix security bug

    Published: 2019-04-17 10:59:56

    Popularity: 741

    Author: Danny Bradbury

    Keywords:

  • Adblocker
  • Google
  • Security threats
  • Web Browsers
  • ad blockers
  • AdBlock
  • Adblock Plus
  • browser security
  • eyeo GmbH
  • uBlock
  • vulnerability

    If you’re using an ad blocker to filter out online commercials, then beware: You might be vulnerable to a new attack revealed on Monday that enables hackers to compromise your browser.

    Unpatched Windows Bug Allows Attackers to Spoof Security Dialog Boxes

    Microsoft won't be patching the bug, but a proof of concept shows the potential for successful malware implantation.


    Windows Servers in danger of being compromised via WDS bug

    Published: 2019-03-07 13:49:00

    Popularity: 129

    Author: Zeljka Zorz

    Keywords:

  • Don't miss
  • Featured news
  • News
  • Check Point
  • vulnerability
  • Windows Server
  • 🤖: "windows crashed"

    Checkpoint has released more details about CVE-2018-8476, a critical remote code execution vulnerability affecting all Windows Servers since 2008 SP2. The bug was responsibly disclosed to Microsoft last year and was fixed last November, but there are likely still servers out there that haven’t been upgraded and are open to attack.

    About the vulnerability: CVE-2018-8476 exists in the way that Windows Deployment Services (WDS) TFTP Server handles objects in memory. WDS is a popular Windows …

    The post Windows Servers in danger of being compromised via WDS bug appeared first on Help Net Security.
