Security researchers have disclosed a new firmware vulnerability named LogoFAIL, which is capable of infiltrating a wide array of Windows and Linux machines. The attack allows threat actors to use malicious logo images to potentially compromise the security of devices from major vendors, including Intel, Acer, and Lenovo. Cybersecurity company Binarly has discovered a security...
Last Update: Dec 09, 2023
Microsoft announced this morning its new Secure Future Initiative (SFI) to protect customers against the evolving threat landscape. The initiative comprises three pillars of advanced protection, focusing on: Microsoft Vice Chair and President Brad Smith highlighted that ransomware attacks have increased by over 200 percent. Since September 2022, threat actors have increasingly targeted small businesses,…
Key takeaways: RARLAB has released a crucial update aimed at addressing a high-severity security loophole within its popular WinRAR compression and archiving tool. This flaw enables threat actors to execute arbitrary code upon the launch of a RAR file, thus raising significant concerns about user data safety and system integrity. The WinRAR vulnerability, tracked as…
Key Takeaways: US Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability present in Citrix ShareFile. CISA has mandated that all federal agencies undertake necessary measures to apply patches for the security flaw by September 6, 2023. Citrix ShareFile is a cloud-based file sharing and storage platform that enables organizations to securely…
Key Takeaways: Attention all IT Pros! Security researchers have unveiled three design flaws within the PowerShell Gallery, an online platform for distributing PowerShell code modules. These vulnerabilities have the potential to let malicious hackers upload harmful packages onto the repository, introducing risks such as typosquatting and supply chain attacks. Specifically, researchers at Aqua Nautilus first…
Security researchers have disclosed a new campaign that exploited a critical Citrix NetScaler vulnerability to infect thousands of devices. They found that hackers have abused the security flaw to target around 2,000 NetScaler instances in Europe. Last month, Citrix disclosed a zero-day vulnerability, tracked as CVE-2023-3519, which impacts NetScaler Citrix Application Delivery Controller (ADC) and…
The Cybersecurity and Infrastructure Security Agency (CISA) has warned about two vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM). The security flaws allowed threat actors to compromise 12 Norwegian government agencies. Ivanti’s Endpoint Manager Mobile is a solution that lets IT admins secure and manage mobile devices in enterprise environments. They can enforce policies, deploy applications,…
Last Update: Jul 17, 2023
Microsoft has patched a new security vulnerability that was discovered in some applications leveraging Azure Active Directory (recently renamed Microsoft Entra ID). The authentication bypass flaw could allow threat actors to completely take over the victim’s account. The security vulnerability, dubbed nOAuth, was first discovered by the security researchers at Descope. It lets threat actors…
ASUS has rolled out a new set of firmware updates to address critical vulnerabilities in its several router models. The company published a security advisory yesterday recommending customers to apply the security patches or restrict WAS access. Specifically, the latest firmware updates aim to fix two critical vulnerabilities with a 9.8 severity rating out of…
Last Update: Jun 02, 2023
Microsoft has discovered a new macOS vulnerability dubbed Migraine. The company detailed in its security advisory that the flaw allows attackers to bypass System Integrity Protection (SIP) and perform malicious operations on macOS machines. Apple first launched System Integrity Protection (SIP) in macOS Yosemite back in 2014. The feature is designed to prevent threat actors…