vulnerabilities

  1. Teacher

    NIST silence: now IT companies are forced to deal with vulnerabilities alone

    Why does the institute no longer provide answers to the most important questions? The US National Institute of Standards and Technology (NIST) is trying to improve its National Vulnerability Database (NVD). However, the current changes are of concern to many organizations that use this database...
  2. Teacher

    $75 billion annually: how API vulnerabilities drain corporate budgets

    Modern attack vectors exploit the excessive openness of the digital infrastructure. In a recent report titled "API Security Status in 2024" from Imperva, it was revealed that the majority of Internet traffic (about 70%) is accounted for by API calls. So, in 2023, the average corporate website...
  3. Teacher

    Critical vulnerabilities found in ABB controllers

    Positive Technologies: Hackers could have taken control of ABB's management systems. Positive Technologies identified two vulnerabilities in the ABB Freelance AC 900F and AC 700F controllers, which received the same CVSS v3.1 score of 8.6. These devices are used in metallurgy, chemical industry...
  4. Teacher

    Maximum exploitation: 8 trending vulnerabilities identified in February

    Fortinet, Microsoft, and Ivanti products are the focus of our analysis over the past month. In February, Positive Technologies identified eight more vulnerabilities as trending. These are vulnerabilities that have already been used in cyber attacks and those that are expected to be exploited in...
  5. Teacher

    White House: we endured for 34 years! It's time to deal with all the vulnerabilities.

    Regulators are confident that there will be no problems if you approach the development a little more seriously. The Biden administration continues to put pressure on the IT industry to change its approach to software development. Regulators are concerned that over time, the problem of...
  6. Teacher

    1200 issues and 5000 vulnerabilities: Ivanti, it's time to retire

    Eclypsium experts have smashed the vaunted Pulse Secure security to smithereens. A recent study of Ivanti's Pulse Secure device firmware sheds light on deep security issues in software supply chains. Eclypsium specialists have discovered numerous vulnerabilities that demonstrate the complexity...
  7. Teacher

    73 vulnerabilities eliminated: Patch Tuesday strengthens Windows cyber defenses

    The next security update from Microsoft is already ready for download. Microsoft's latest Patch Tuesday update, released in February 2024, addresses 73 vulnerabilities in the company's software, including two zero-day vulnerabilities that are actively exploited by attackers, and one truly...
  8. Teacher

    Ivanti in its death throes: how a series of critical vulnerabilities undermined the company's credibility

    The PoC for CVE-2024-21893 worsened the situation, with about 22,500 devices affected. The massive exploitation of a vulnerability in the Ivanti Connect Secure and Policy Secure servers, identified as CVE-2024-21893, is causing alarm among cybersecurity experts. This major flaw affects software...
  9. Brother

    17 vulnerabilities in Tor: results of the second security audit published

    Denial of service, outdated software: there is something to pay attention to. Tor published a report on the results of the second inspection carried out by Radically Open Security from April to August 2023. As part of the review, the code for ensuring the operation of exit nodes, the Tor...
  10. Brother

    DALL-E 3 operation is questionable: the model reveals vulnerabilities that Microsoft is silent about

    Problems in DALL-E 3 have raised fears of Shane Jones abusing the technology. The network is actively discussing the scandalous statement of a Microsoft manager about flaws in the DALL-E 3 security system from OpenAI. According to Shane Jones, the technology allows you to create violent and...
  11. Brother

    Vulnerabilities in Lamassu Douro crypto ATMs could be used to steal funds

    IOActive analysts have discovered three vulnerabilities in Lamassu Douro cryptocurrency ATMs. These issues allow an attacker with physical access to the device to gain full control of the ATM and steal user funds. The vulnerabilities have been identified as CVE-2024-0175, CVE-2024-0176 and...
  12. Brother

    Vulnerabilities in GitLab that allow account hijacking and execution of commands under another user

    Corrective updates to the platform for organizing collaborative development have been published - GitLab 16.7.2, 16.6.4 and 16.5.6, which eliminate two critical vulnerabilities. The first vulnerability (CVE-2023-7028), which is assigned the maximum severity level (10 out of 10), allows you to...
  13. Brother

    Hadoop and Flink become targets for cryptojacking: What vulnerabilities do attackers use to attack

    Aqua Security reveals weaknesses in popular Apache products. Cybersecurity researchers have discovered a new type of attack that exploits flaws in the configuration of Apache's Hadoop and Flink software for deploying cryptocurrency miners to target systems. "This attack is particularly...
  14. Brother

    Microsoft fixed 49 vulnerabilities in its products, including 12 RCEs

    Tuesday fixes in January prepared for users a reliable protection against hacking systems. Microsoft has released patches for 49 vulnerabilities, including 12 remote code execution vulnerabilities, as part of its monthly Patch Tuesday update cycle in January 2024. Of all the updates, only 2...
  15. Brother

    Full control over Apple, Adobe and Apache products: CISA reveals six vulnerabilities

    The agency called on government agencies to urgently update the software to avoid devastating cyber attacks. The U.S. Cybersecurity and Infrastructure Protection Agency (CISA) has updated its Known Exploited Vulnerability (KEV) catalog to include 6 vulnerabilities affecting Apple, Adobe...
  16. Brother

    Clang Code Sanitizer: Google fixes Cellular Vulnerabilities in Android

    Improving security in Android will lead to drastic changes in the codebase. Google is strengthening the protection of the Android operating system, focusing on cellular security and vulnerability prevention. For this purpose, Clang code analysis tools are used, in particular, Integer Overflow...
  17. Brother

    iOS 17.2 and iPadOS 17.2: Apple closed the next 10 vulnerabilities

    Users of the current Apple system are not afraid of hacker attacks — keep updating. On December 11, Apple released the iOS 17.2 and iPadOS 17.2 update, which, in addition to many new features, also includes important security fixes that make the Apple-branded system even more secure and...
  18. Brother

    0-day in Qualcomm: three vulnerabilities are used in targeted attacks on Android devices

    The problem was discovered back in October. What did you learn during this time? Qualcomm, a world-renowned chip manufacturer, has released additional information about three highly critical vulnerabilities in its products. The bugs, which became known back in October 2023, affect the Adreno...
  19. Brother

    21 vulnerabilities were discovered in Sierra Wireless routers, leading to a whole range of malicious actions

    Hackers have already targeted critical infrastructure, will they have time to implement their insidious plan? Security experts from Forescout Vedere Labs discovered a set of 21 vulnerabilities in OT / IoT routers of the Canadian company Sierra Wireless, which can lead to remote code execution...
  20. Brother

    Just three vulnerabilities in ownCloud hurt user security

    The developers gave recommendations for mitigating the consequences, so you should not delay applying them. Developers of the ownCloud open source software, used for syncing data and working together with files, warned on November 21 about three critical vulnerabilities that can be used to disclose...