NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code execution on Windows and macOS systems. “By targeting the implicit trust Read more…
Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity Microsoft has announced a new Windows Resiliency Initiative as a way to improve security and reliability, as well as ensure that system integrity is not compromised. The idea, the tech giant said, is to avoid incidents like that of Read more…
Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System Nov 05, 2024Ravie LakshmananMobile Security / Vulnerability Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw Read more…
Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution Sep 27, 2024Ravie LakshmananLinux / Vulnerability A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could permit remote command execution under certain conditions. “A remote unauthenticated attacker Read more…
ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. “By adding random user data Read more…
Xiaomi Android Devices Hit by Multiple Flaws Across Apps and System Components Multiple security vulnerabilities have been disclosed in various applications and system components within Xiaomi devices running Android. “The vulnerabilities in Xiaomi led to access to arbitrary activities, receivers and services with system privileges, theft of arbitrary files with system privileges, Read more…
NIST Warns of Security and Privacy Risks from Rapid AI System Deployment Jan 08, 2024NewsroomArtificial Intelligence / Cyber Security The U.S. National Institute of Standards and Technology (NIST) is calling attention to the privacy and security challenges that arise as a result of increased deployment of artificial intelligence (AI) systems Read more…
Critical Zero-Day in Apache OfBiz ERP System Exposes Businesses to Attack Dec 27, 2023NewsroomZero-Day / Vulnerability A new zero-day security flaw has been discovered in the Apache OfBiz, an open-source Enterprise Resource Planning (ERP) system that could be exploited to bypass authentication protections. The vulnerability, tracked as CVE-2023-51467, resides in Read more…
Okta Discloses Broader Impact Linked to October 2023 Support System Breach Nov 29, 2023NewsroomCyber Attack / Data Breach Identity services provider Okta has disclosed that it detected “additional threat actor activity” in connection with the October 2023 breach of its support case management system. “The threat actor downloaded the names Read more…
U.S., U.K., and Global Partners Release Secure AI System Development Guidelines Nov 27, 2023NewsroomArtificial Intelligence / Privacy The U.K. and U.S., along with international partners from 16 other countries, have released new guidelines for the development of secure artificial intelligence (AI) systems. “The approach prioritizes ownership of security outcomes for Read more…