vulnerability

  1. Carding Forum

    CVE-2024-41110: A past Docker vulnerability casts a shadow over Docker's defenses

    The maximum CVSS score indicates an increased risk for enterprise systems. Docker warns about a critical vulnerability in some versions of the Docker Engine that allows attackers to bypass authorization plugins (AuthZ). The vulnerability, tracked as CVE-2024-41110, has a maximum rating of...
  2. Carding Forum

    Microsoft blames EU for Windows vulnerability

    How European laws opened CrowdStrike's doors to the heart of the system. Microsoft found itself in the spotlight after an incident with the CrowdStrike software. The CrowdStrike update caused major disruptions to the Windows operating system and a wave of blue screens of death for users around...
  3. Carding Forum

    A vulnerability in the RADIUS protocol that allows you to fake the response during authentication

    A group of researchers from several American universities and the companies Cloudflare and Microsoft has developed a new attack technique on the RADIUS protocol used by telecom operators, cloud services, and VPN providers for user authentication, authorization, and accounting. The attack, which was...
  4. Carding Forum

    The bloated vulnerability report forced the node-ip developer to switch the repository to archive mode

    Fedor Indutny, author of the io.js platform (a Node.js fork) and a member of the technical committee that manages Node.js development, tried to draw attention to the problem with assigning CVE identifiers to incorrect vulnerability reports that do not correspond to reality or do not adequately...
  5. Tomcat

    Omsk scammers robbed a taxi service using a vulnerability in the application

    Four Russians (one from the Krasnoyarsk Territory, the rest from the Omsk Region) found a way to exploit the vulnerability they discovered in a taxi ordering application. According to the Ministry of Internal Affairs Media portal, the scheme has been in operation since November 2022. “The...
  6. Tomcat

    BreachForums sells 0day ZeroClick vulnerability for Android for $5 million

    ZeroClick - Zero click attacks allow you to access a device without any action on the part of the user, i.e. no keystrokes or mouse clicks, which can trap even the most tech-savvy people.
  7. Tomcat

    Critical vulnerability in MSMQ: server under hacker's control in one click

    The latest Patch Tuesday addresses 51 vulnerabilities in Microsoft branded products. Microsoft released a monthly security update as part of its June Patch Tuesday, fixing 51 vulnerabilities at once. One of them was classified as "Critical" (CVSS above 9 points), and the remaining 50 were...
  8. Tomcat

    Vulnerability in PHP that allows code execution when running in CGI mode

    A vulnerability has been identified in PHP (CVE-2024-4577), which allows you to run your code on the server or view the source code of a PHP script if you use PHP in CGI mode on the Windows platform (configurations with mod_php, php-fpm and FastCGI are not affected). The issue is fixed in PHP...
  9. Tomcat

    Exploits for the Apache HugeGraph vulnerability are freely available

    Administrators need to update immediately, as exploits only increase the risk of losing control of the server and data. SecureLayer7 specialists provided a detailed analysis of the vulnerability in the popular Apache HugeGraph graph database, which allows Remote Code Execution (RCE)...
  10. Tomcat

    Apple refused to pay Kaspersky $1 million as a reward for the vulnerability search program

    Kaspersky Lab identified serious vulnerabilities in the iPhone, but did not receive anything from Apple under the Apple Security Bounty program. The reward could be up to $1 million. Payments were denied. Apple refused to pay Kaspersky Lab a reward for vulnerabilities discovered in 2023 in iOS...
  11. Tomcat

    Dangerous vulnerability discovered in McAfee ATM protection

    Positive Technologies application analysis specialist Maxim Kozhevnikov discovered a dangerous 0-day vulnerability in the security system for Solidcore ATMs, which is part of the McAfee Application Control (MAC) product. The bug allows an attacker to execute arbitrary code and escalate...
  12. Tomcat

    New NIST Partner: Speeding up vulnerability Handling in NVD

    How NIST plans to return to the previous pace of work with errors. The National Institute of Standards and Technology (NIST) has announced a new contract with an external contractor that will help the federal government handle software and hardware vulnerabilities from the NVD database. In...
  13. Tomcat

    A vulnerability in Fluent Bit that affects many cloud providers

    The open source Fluent Bit project has identified a vulnerability (CVE-2024-4323) that allows you to remotely cause memory corruption, which can be used to cause denial of service, data leakage, and potentially execute your code on the server. The problem, which is codenamed "Linguistic...
  14. Tomcat

    Vulnerability in WhatsApp allows governments to monitor users' correspondence

    Experts warn about the possibility of bypassing encryption to track users. In March, the WhatsApp security team reported a serious threat to messenger users. Despite strong encryption, users are still vulnerable to government surveillance. An internal document obtained by The Intercept claims...
  15. Father

    Darknet sells zero-day vulnerability exploit in iOS for 2.5 million euros

    Online database monitoring company Webz.io found out that the darknet sells an exploit of a new zero-day vulnerability for iOS and macOS devices. It is based on the vulnerability CVE-2022-32893, which the company fixed the other day. However, the researchers claim that the exploit is intended...
  16. Father

    VIEWSTATE deserialization: how the vulnerability is exploited by pro-government groups

    Solar 4RAYS has revealed details of the Obstinate Mogwai attack on a telecom company. In 2023, the Solar 4RAYS team investigated an attack on a Russian telecommunications company organized by the Asian APT group Obstinate Mogwai. Hackers have repeatedly exploited the deserialization...
  17. Father

    New IEEE 802.11 Wi-Fi Vulnerability exposes data from billions of devices

    The detected error may remain uncorrected for many years. Belgian University KU Leuven has identified a vulnerability in the IEEE 802.11 Wi-Fi standard, which allows an attacker to trick victims into connecting to a fake Wi-Fi network and intercept traffic. According to the Top10VPN service...
  18. Father

    CVE-2024-4947: Google fixed another 0day vulnerability in Chrome

    This is the third zero-day in a week. How many more errors will be detected? Google released updates to address nine vulnerabilities in the Chrome browser, including a new zero-day vulnerability that is actively used by attackers. The vulnerability was identified as CVE-2024-4947 and is related...
  19. Father

    German security experts have discovered a vulnerability in the payment terminal protocol

    Security specialist Karsten Nohl, founder of Security Research Labs, made a statement about the vulnerability of the data transfer protocol used by POS payment terminals to transfer bank card data. Employees of Security Research Labs in front of a surprised RT correspondent hacked the PIN code...
  20. Father

    Google urges urgent Chrome update after 0day vulnerability discovered

    Vulnerability CVE-2024-4671 has been fixed in the latest version. Google has urgently released another security update for its Chrome browser. The reason was the discovery of a critical vulnerability with active exploitation in real attacks. The vulnerability was identified as CVE-2024-4671...