Google and Samsung's new file sharing service may become a target for hackers.
Google's Quick Share is a feature-rich utility for sharing data between Android, Windows, and Chrome OS devices. It uses a wide range of communication protocols, including Bluetooth, Wi-Fi, Wi-Fi Direct, WebRTC, and...
Four vulnerabilities can compromise your security.
This week, Microsoft reported four moderate security vulnerabilities in the OpenVPN open source software. These vulnerabilities can be exploited by attackers to execute remote code (RCE) and elevate privileges on the local system (LPE).
An...
At the Black Hat conference in Las Vegas, researchers from the University of Pennsylvania demonstrated a method for tracking mobile device owners using baseband flaws in 5G.
Using the custom 5GBaseChecker tool, experts identified vulnerabilities in the baseband that are used...
Positive Technologies presented the top trending vulnerabilities.
In July 2024, Positive Technologies identified three vulnerabilities as trending: in the document conversion product Ghostscript, in the hyperconverged Acronis Cyber Infrastructure platform, and in the engine for processing and...
Microsoft's July patch package closed a total of 142 vulnerabilities, including two that are actively exploited in real cyber attacks, and two more with a ready-made exploit.
Among the closed holes, there are five critical ones. If exploited, they can lead to remote code execution. The...
The study showed a 200-fold gap between real risks and traditional scanning.
The new NetRise report analyzes the software composition, vulnerabilities, and non-CVE risks present in enterprise network equipment software: routers, switches, firewalls, VPN gateways, and wireless access points...
How machines search for vulnerabilities better than humans.
Palo Alto Networks is actively developing security technologies using artificial intelligence. In 2023, the company's researchers created an automated tool for detecting BOLA (Broken Object-Level Authorization) vulnerabilities. This...
Hackers could gain access to confidential information.
The study, codenamed "SAPwned", identified serious vulnerabilities in the SAP AI Core system that allowed attackers to gain access to customers' cloud environments and their confidential data.
Attack stages
The main reason for the...
CISA and NIST are losing their grip, but the private sector is saving the day.
In May 2024, recorded 103 vulnerabilities (CVE) that were publicly disclosed as exploitable for the first time. Compared to April, this number increased by 90.7%, which corresponds to an overall increase in the...
Upgrading is the best thing users can do to protect their systems.
Two of the largest companies developing GPUs and other semiconductor components, Arm and Nvidia, urged their customers to install security patches as soon as possible to fix a series of dangerous vulnerabilities in GPU drivers...
Kaspersky Lab has identified numerous vulnerabilities in the biometric terminal of the international manufacturer ZKTeco. They can be used to bypass the access control system and physically enter protected areas, as well as to steal biometric data, make changes to databases, and install...
Attackers can use SQL injection to bypass authorization and steal data.
Kaspersky Lab has discovered 24 vulnerabilities in biometric terminals of the international manufacturer ZKTeco. These flaws can be used by attackers to bypass access control systems, physically enter protected areas...
The content of the article
Installing and running OWASP Juice Shop
Installing Node.js
Installing OWASP Juice Shop
Setting up Burp Suite
Search for a board with tasks
Opening the admin panel
Registering an Administrator Account
Using SQL injection to login
Selecting the administrator password...
Update to the latest version to avoid becoming another victim of cyber bandits.
SolarWinds, an American company specializing in the development of software for managing IT infrastructure, announced the release of security updates aimed at eliminating several critical vulnerabilities in its...
A recent Forescout report has revealed the most insecure category of electronic devices.
According to a recent report by Forescout titled "The Most risky Connected Devices of 2024", the number of vulnerable Internet of Things (IoT) devices increased by 136% compared to last year. The study...
Perhaps the United States will not need sanctions in order for the Middle Kingdom to abandon the popular standard.
A research team from Northwestern Polytechnic University (NPU) led by Professor Hu Wei discovered a serious security flaw in the design of processors based on the open RISC-V...
Update your network storage as soon as possible – the exploits are already in the hands of hackers.
Zyxel has released an emergency security update to address three critical vulnerabilities in older NAS models that have already reached end of support.
The vulnerabilities affect NAS326 models with firmware...
A security researcher has discovered a number of bugs that allow ATMs and a wide range of point-of-sale terminals to be hacked in a new way: by waving a phone over a contactless bank card reader. To mark the start of the Ethical Hacker course, we are sharing a translation of an article about...
Since 2016, researchers have submitted nearly 8,000 unique Bug Bounty reports.
Recently, Netflix reported that since the launch of the Bug Bounty program in 2016, the streaming giant has already paid researchers more than a million dollars in rewards for discovered bugs and vulnerabilities in...
It seems that the company has decided to take a more responsible approach to security issues.
No sooner had we published yesterday's news that Watchtower Labs researchers had accused QNAP of being slow to respond to responsible vulnerability disclosure than it became known today that...