vulnerabilities

Which ones are already being used in attacks, and which ones will fully manifest themselves a little later? Positive Technologies identified five critical vulnerabilities, the most dangerous for corporate infrastructure, as of April this year. Some of them are already actively exploited by...

Table of contents What is a zero-day vulnerability? Where do zero-day vulnerabilities come from? Preventive protection Preventive protection Responding to the exploitation of a zero-day vulnerability Results The "wild nature" of the information security world is saturated with a variety of...

Japanese experts have identified 3 flaws that affect the security of WordPress. JPCERT experts warn about a number of critical vulnerabilities in the Forminator plugin for WordPress, developed by WPMU DEV. The popular plugin is used on more than 500,000 sites and provides the ability to create...

Incorrect DOS paths in the file name nomenclature in Windows can be used to hide malicious content, files, and processes. A researcher from SafeBreach, Or Yair, identified a problem related to the process of converting a DOS path to NT format in Windows. Attackers gain rootkit capabilities to...

A study conducted at the University of Illinois (UIUC) showed that GPT-4 in combination with automation tools is able to exploit vulnerabilities of one day (disclosed, but without a patch) by reading their descriptions. The success rate can reach 87%. In a comment for The Register, one of the...

In the coming years, AI will become the most experienced cybercriminal on Earth. Scientists from the University of Illinois at Urbana-Champaign recently published a study in which they proved that the GPT-4 artificial intelligence model from OpenAI is able to independently exploit...

Increased security leads to higher prices for exploits. In recent years, the cost of hacking tools for smartphones, popular browsers and instant messengers has increased significantly. Currently, exploits are estimated at millions of dollars, which is due to the increasing complexity of hacking...

Update your system now to avoid cyber attacks. Positive Technologies specialists have discovered a number of dangerous vulnerabilities in the Nagios XI system designed for monitoring IT infrastructure. The software is used in data centers, telecommunications companies, hosting providers, and...

NIST explained the reason for the lack of vulnerability analysis in NVD. The National Institute of Standards and Technology (NIST) attributed delays in vulnerability analysis to an increase in the volume of software and changes in support for interagency programs. The National Vulnerability...

The rapid appearance of publicly available exploits increases the likelihood of attacks. The Cybersecurity and Infrastructure Security Agency (CISA) has expressed concern about the active exploitation of a vulnerability in the Microsoft SharePoint system that allows attackers to carry out...

Google researchers have proposed a working strategy to reduce the level of malicious exploitation. A recent report from Google's cyber experts found that the number of zero-day exploits of vulnerabilities increased by 50% in 2023, reaching 97 cases compared to 62 in the previous year. Zero-day...

A vulnerability (CVE-2024-1086) has been identified in Netfilter, a subsystem of the Linux kernel used to filter and modify network packets, which allows a local user to execute code at the kernel level and raise their privileges in the system. The problem is caused by double-free memory in the...

The erroneous equating of criticality of threats caused dissatisfaction of researchers. Last month, two DNSSEC vulnerabilities were made public with similar descriptions and the same severity rating. Many administrators might have thought that this was the same problem, but in fact these are...

Testing programs for vulnerabilities will become legal. The State Duma Committee on State Construction recommended that the Duma adopt in the first reading a bill legalizing the activities of "white" hackers in Russia, RIA News reports. The authors of the legislative initiative were...

Published information about a vulnerability in Saflok electronic locks that can be unlocked with a card with an RFID tag. Vulnerable lock models are most widely used in hotels and are used in approximately 13,000 hotels worldwide that use the System 6000, Ambiance, or Community platforms to...

Why does the institute no longer provide answers to the most important questions? The US National Institute of Standards and Technology (NIST) is trying to improve its National Vulnerability Database (NVD). However, the current changes are of concern to many organizations that use this database...

Modern attack vectors exploit the excessive openness of the digital infrastructure. In a recent report titled "API Security Status in 2024" from Imperva, it was revealed that the majority of Internet traffic (about 70%) is accounted for by API calls. So, in 2023, the average corporate website...

Positive Technologies: Hackers could have taken control of ABB's management systems. Positive Technologies identified two vulnerabilities in the ABB Freelance AC 900F and AC 700F controllers, which received the same CVSS v3.1 score of 8.6. These devices are used in metallurgy, chemical industry...

Fortinet, Microsoft, and Ivanti products are the focus of our analysis over the past month. In February, Positive Technologies identified eight more vulnerabilities as trending. These are vulnerabilities that have already been used in cyber attacks and those that are expected to be exploited in...

Regulators are confident that there will be no problems if you approach the development a little more seriously. The Biden administration continues to put pressure on the IT industry to change its approach to software development. Regulators are concerned that over time, the problem of...