vulnerabilities

Who are they – the real enemies of modern companies? Conclusions of the new report "Navigating the Paths of Risk: The State of Exposure Management in 2024" by XM Cyber shows that cybersecurity specialists spend too much effort on fixing critical vulnerabilities, ignoring other, even more...

Update your machines as soon as possible so that no hacker gets elevated privileges. Four serious vulnerabilities have been identified in the VMware Workstation and Fusion products, which can be used by attackers to gain access to confidential information, create conditions for conducting DoS...

3 months without updates is a great opportunity for cybercriminals. The world's largest vulnerability database, NVD, managed by the US National Institute of Standards and Technology (NIST), recently experienced a major outage that resulted in a significant increase in the number of unpublished...

Update as soon as possible to protect vulnerable servers. The developers of Cacti, an open source network monitoring and management system, have fixed 12 vulnerabilities, including two critical ones that lead to arbitrary code execution. Here are the most serious of the patched...

Enthusiasts have created a multifunctional platform for pentesting based on the Raspberry Pi. Ethical hacking, or pentesting, is a fascinating field that requires deep knowledge and skills. Enthusiasts and professionals in the field of cybersecurity have acquired an interesting novelty-a...

Which ones are already being used in attacks, and which ones will fully manifest themselves a little later? Positive Technologies identified five critical vulnerabilities, the most dangerous for corporate infrastructure, as of April this year. Some of them are already actively exploited by...

Table of contents What is a zero-day vulnerability? Where do zero-day vulnerabilities come from? Preventive protection Preventive protection Responding to the exploitation of a zero-day vulnerability Results The "wild nature" of the information security world is saturated with a variety of...

Japanese experts have identified 3 flaws that affect the security of WordPress. JPCERT experts warn about a number of critical vulnerabilities in the Forminator plugin for WordPress, developed by WPMU DEV. The popular plugin is used on more than 500,000 sites and provides the ability to create...

Incorrect DOS paths in the file name nomenclature in Windows can be used to hide malicious content, files, and processes. A researcher from SafeBreach, Or Yair, identified a problem related to the process of converting a DOS path to NT format in Windows. Attackers gain rootkit capabilities to...

A study conducted at the University of Illinois (UIUC) showed that GPT-4 in combination with automation tools is able to exploit vulnerabilities of one day (disclosed, but without a patch) by reading their descriptions. The success rate can reach 87%. In a comment for The Register, one of the...

In the coming years, AI will become the most experienced cybercriminal on Earth. Scientists from the University of Illinois at Urbana-Champaign recently published a study in which they proved that the GPT-4 artificial intelligence model from OpenAI is able to independently exploit...

Increased security leads to higher prices for exploits. In recent years, the cost of hacking tools for smartphones, popular browsers and instant messengers has increased significantly. Currently, exploits are estimated at millions of dollars, which is due to the increasing complexity of hacking...

Update your system now to avoid cyber attacks. Positive Technologies specialists have discovered a number of dangerous vulnerabilities in the Nagios XI system designed for monitoring IT infrastructure. The software is used in data centers, telecommunications companies, hosting providers, and...

NIST explained the reason for the lack of vulnerability analysis in NVD. The National Institute of Standards and Technology (NIST) attributed delays in vulnerability analysis to an increase in the volume of software and changes in support for interagency programs. The National Vulnerability...

The rapid appearance of publicly available exploits increases the likelihood of attacks. The Cybersecurity and Infrastructure Security Agency (CISA) has expressed concern about the active exploitation of a vulnerability in the Microsoft SharePoint system that allows attackers to carry out...

Google researchers have proposed a working strategy to reduce the level of malicious exploitation. A recent report from Google's cyber experts found that the number of zero-day exploits of vulnerabilities increased by 50% in 2023, reaching 97 cases compared to 62 in the previous year. Zero-day...

A vulnerability (CVE-2024-1086) has been identified in Netfilter, a subsystem of the Linux kernel used to filter and modify network packets, which allows a local user to execute code at the kernel level and raise their privileges in the system. The problem is caused by double-free memory in the...

The erroneous equating of criticality of threats caused dissatisfaction of researchers. Last month, two DNSSEC vulnerabilities were made public with similar descriptions and the same severity rating. Many administrators might have thought that this was the same problem, but in fact these are...

Testing programs for vulnerabilities will become legal. The State Duma Committee on State Construction recommended that the Duma adopt in the first reading a bill legalizing the activities of "white" hackers in Russia, RIA News reports. The authors of the legislative initiative were...

Published information about a vulnerability in Saflok electronic locks that can be unlocked with a card with an RFID tag. Vulnerable lock models are most widely used in hotels and are used in approximately 13,000 hotels worldwide that use the System 6000, Ambiance, or Community platforms to...