A security researcher demonstrated the hacking method.
Pavel Zhovner, a security researcher, demonstrated a method for hacking some electronic safes manufactured by SentrySafe using the Flipper Zero device and exploiting a vulnerability in the controller's control protocol.
A detailed video...
How did a well-known brand suddenly become a participant in a fraudulent scheme?
Cybersecurity researchers from Perception Point recently discovered a vulnerability on the website of Nespresso, the manufacturer of coffee machines and capsules, which is actively used by fraudsters to redirect...
Experts from Palo Alto are doing everything possible to protect users, but even this may not be enough.
An exploit was recently discovered on the Internet for a critical vulnerability in the PAN-OS software used in Palo Alto Networks firewalls. Vulnerability CVE-2024-3400, which we wrote about...
Update the client version before it's too late.
PuTTY warns about a critical vulnerability affecting versions from 0.68 to 0.80. The flaw may allow an attacker to fully recover NIST-P521 private keys.
Vulnerability CVE-2024-31497 occurs due to failures in the generation of cryptographic ECDSA...
After so many patches: a flaw discovered 6 years ago still threatens our systems.
About 6 years ago, vulnerabilities affecting most Intel and AMD processors were discovered. These defects, known as Spectre and Meltdown, can be used to steal sensitive data from compromised systems.
In March...
Two exploits have been discovered in the public domain that involve a previously unknown vulnerability in the n_gsm driver, which is part of the Linux kernel. The vulnerability allows an unprivileged local user to execute code at the kernel level and raise their privileges in the system. No CVE ID...
An error that threatens accidents during testing of hypersonic weapons has been found.
A research team from China has reported a critical flaw in NASA's hypersonic aerodynamics simulation software. This is stated in an article published on March 14 in the authoritative Chinese scientific...
"CONTINUATION Flood" allows you to conduct powerful DoS attacks.
A new vulnerability in the HTTP/2 protocol can be used to conduct denial-of-service (DoS) attacks. The discovery, dubbed the "HTTP/2 CONTINUATION Flood", belongs to cybersecurity researcher Bartek Nowotarski, who reported the...
A vulnerability (CVE-2024-0582) has been identified in the asynchronous io_uring I/O interface provided by the Linux kernel, which allows an unprivileged user to gain root rights in the system. Normal local access to the system is sufficient to exploit the vulnerability, without the need for...
A vulnerability (CVE-2024-28085) has been identified in the wall utility, which is supplied in the util-linux package and is intended for sending messages to terminals. It allows an attack on other users' terminals by manipulating escape sequences. The problem is caused by the fact that the...
The aggregator of liquidity from decentralized exchanges ParaSwap began to return cryptocurrency to users after fixing a critical vulnerability in the recently launched Augustus v6 smart contract.
According to the platform, 213 addresses have not yet revoked their permissions.
On March 20...
A critical vulnerability (CVE-2024-29937) has been identified in the implementation of the NFS server used by BSD systems, which allows remote code execution with root rights on the server.
The problem appears in all OpenBSD and FreeBSD releases, up to and including OpenBSD 7.4 and...
On March 21, the accounts of several crypto industry influencers on X were compromised to promote the PACKY scam token. Probably, the hacker got access through the automatic post publishing service IFTTT (If This Then That).
One of the victims was Andreessen Horowitz (a16z) adviser Packy...
High competition forces you to exploit 5 errors at once to gain access to corporate networks.
Mandiant reports that the Chinese hackers UNC5174 exploit vulnerabilities in popular products to distribute malware that can install additional backdoors on compromised Linux hosts.
The UNC5174 attacks...
On March 18, attackers attacked the servers of a Russian domain registrar.
The Russian domain registrar and hosting provider reg.ru, which serves 44% of domains in the .ru zone, was attacked by hackers. The attackers tried to break into one of the company's virtual hosting servers, the reg.ru...
The SmartScreen security bug served hackers well. Maybe you also managed to become a victim of it?
In mid-January, security researchers noticed a new large-scale campaign to distribute the DarkGate malware, exploiting a recently fixed vulnerability in the Microsoft Windows security...
The US National Vulnerability Database has stopped analyzing vulnerabilities in software and services. It has not been maintained for more than a month, which affects the process of eliminating "holes". The same thing is happening with the database of well-known information security vulnerabilities, CVE...
A bug in Pixel 8 allows you to take control of the device.
The GrapheneOS project team, which is working on a secure version of the Android Open Source Project (AOSP), has discovered a problem in the Android 14 Bluetooth stack, leading to remote code execution.
A Use-After-Free (UAF)...
To fix the breach, you need to install the latest firmware version.
Moxa Company thanked Positive Technologies specialists for detecting a dangerous vulnerability in the NPort line of industrial wireless converters. Identified as CVE-2024-1220, this vulnerability received a high score of 8.2 on...
A botched fix allowed hackers to inject a backdoor into the device's codebase.
Hackers are exploiting an SSRF (Server-Side Request Forgery) vulnerability in Ivanti Connect Secure (ICS), Policy Secure (IPS), and ZTA products to deploy a new DSLog backdoor on vulnerable devices.
Bug...