Vulnerability

Security hero image

LogoFAIL Attack Exploits UEFI Logos, Posing Risks to Enterprise and Consumer Devices

Security researchers have disclosed a new firmware vulnerability named LogoFAIL, which is capable of infiltrating a wide array of Windows and Linux machines. The attack allows threat actors to use malicious logo images to potentially compromise the security of devices from major vendors, including Intel, Acer, and Lenovo. Cybersecurity company Binarly has discovered a security...

Last Update: Dec 09, 2023

LATEST

microsoft security hero approved

Microsoft Announces New Secure Future Initiative to Counter Evolving Cyberthreats

Microsoft announced this morning its new Secure Future Initiative (SFI) to protect customers against the evolving threat landscape. The initiative comprises three pillars of advanced protection, focusing on: Microsoft Vice Chair and President Brad Smith highlighted that ransomware attacks have increased by over 200 percent. Since September 2022, threat actors have increasingly targeted small businesses,…

View Article
Security

WinRAR Patches Flaw That Lets Attackers Run Malicious Code When Opening RAR Files

Key takeaways: RARLAB has released a crucial update aimed at addressing a high-severity security loophole within its popular WinRAR compression and archiving tool. This flaw enables threat actors to execute arbitrary code upon the launch of a RAR file, thus raising significant concerns about user data safety and system integrity. The WinRAR vulnerability, tracked as…

View Article
Security hero image

CISA Issues Advisory on Critical File Transfer Flaw in Citrix ShareFile

Key Takeaways: US Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability present in Citrix ShareFile. CISA has mandated that all federal agencies undertake necessary measures to apply patches for the security flaw by September 6, 2023. Citrix ShareFile is a cloud-based file sharing and storage platform that enables organizations to securely…

View Article
PowerShell

Researchers Disclose PowerShell Gallery Design Flaws Vulnerable to Supply Chain Attacks

Key Takeaways: Attention all IT Pros! Security researchers have unveiled three design flaws within the PowerShell Gallery, an online platform for distributing PowerShell code modules. These vulnerabilities have the potential to let malicious hackers upload harmful packages onto the repository, introducing risks such as typosquatting and supply chain attacks. Specifically, researchers at Aqua Nautilus first…

View Article
warning-cyber-attack

Hackers Exploit Critical Citrix Flaw to Compromise 2,000 NetScaler Instances

Security researchers have disclosed a new campaign that exploited a critical Citrix NetScaler vulnerability to infect thousands of devices. They found that hackers have abused the security flaw to target around 2,000 NetScaler instances in Europe. Last month, Citrix disclosed a zero-day vulnerability, tracked as CVE-2023-3519, which impacts NetScaler Citrix Application Delivery Controller (ADC) and…

View Article
Security

CISA Warns About New Ivanti EPMM Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has warned about two vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM). The security flaws allowed threat actors to compromise 12 Norwegian government agencies. Ivanti’s Endpoint Manager Mobile is a solution that lets IT admins secure and manage mobile devices in enterprise environments. They can enforce policies, deploy applications,…

View Article
Security – 4

Microsoft Patches Critical ‘nOAuth’ Flaw in Azure AD Apps

Last Update: Jul 17, 2023

Microsoft has patched a new security vulnerability that was discovered in some applications leveraging Azure Active Directory (recently renamed Microsoft Entra ID). The authentication bypass flaw could allow threat actors to completely take over the victim’s account. The security vulnerability, dubbed nOAuth, was first discovered by the security researchers at Descope. It lets threat actors…

View Article
Security

ASUS Routers Get New Firmware Updates to Patch Critical Vulnerabilities

ASUS has rolled out a new set of firmware updates to address critical vulnerabilities in its several router models. The company published a security advisory yesterday recommending customers to apply the security patches or restrict WAS access. Specifically, the latest firmware updates aim to fix two critical vulnerabilities with a 9.8 severity rating out of…

View Article
Security

Microsoft Discloses New ‘Migraine’ Flaw That Bypasses Built-In Protections on macOS

Last Update: Jun 02, 2023

Microsoft has discovered a new macOS vulnerability dubbed Migraine. The company detailed in its security advisory that the flaw allows attackers to bypass System Integrity Protection (SIP) and perform malicious operations on macOS machines. Apple first launched System Integrity Protection (SIP) in macOS Yosemite back in 2014. The feature is designed to prevent threat actors…

View Article
Go to page