Tech

Microsoft discovers critical SolarWinds zero-day under active attack

Enlarge (credit: Getty Images ) SolarWinds, the company} at the center of a supply chain attack that compromised nine US agencies and 100 private companies, is scrambling to contain a new security threat: a critical zero-day vulnerability in its Serv-U product line. Ms discovered the exploits and privately reported them to SolarWinds, the latter company […]

Tech

Microsoft’s emergency patch fails to fix critical “PrintNightmare” vulnerability

Enlarge (credit: Getty Images) An emergency patch Microsoft issued on Tuesday fails to fully fix a critical security vulnerability in all supported versions of Windows that allows attackers to take control of infected systems and run code of their choice, researchers said. The threat, colloquially known as PrintNightmare, stems from bugs in the Windows print […]

Tech

Hackers exploited 0-day, not 2018 bug, to mass-wipe My Book Live devices

Enlarge (credit: Getty Images) Last week’s mass-wiping of Western Digital My Book Live storage devices involved the exploitation of not just one vulnerability, but a second critical security bug that allowed hackers to remotely perform a factory reset without a password, an investigation shows. The vulnerability is remarkable not only because it made it trivial […]

Tech

Covert channel in Apple’s M1 is mostly harmless, but it sure is interesting

Enlarge (credit: Apple) Apple’s new M1 CPU has a flaw that creates a covert channel that two or more malicious apps—already installed—can use to transmit information to each other, a developer has found. The surreptitious communication can occur without using computer memory, sockets, files, or any other operating system feature, developer Hector Martin said. The […]

Tech

No, it doesn’t just crash Safari. Apple has yet to fix exploitable flaw

Enlarge (credit: Getty Images) Apple has yet to patch a security bug found in iPhones and Macs despite the availability of a fix released almost three weeks ago, a researcher said. The vulnerability resides in WebKit, the browser engine that powers Safari and all browsers that run on iOS. When the vulnerability was fixed almost […]

Tech

Vulnerability in VMware product has severity rating of 9.8 out of 10

Enlarge (credit: Michael Theis / Flickr) Data centers around the world have a new concern to contend with—a remote code vulnerability in a widely used VMware product. The security flaw, which VMware disclosed and patched on Tuesday, resides in the vCenter Server, a tool used for managing virtualization in large data centers. vCenter Server is […]

Tech

Hackers have been exploiting 4 critical Android vulnerabilities

Enlarge (credit: Getty Images) Unknown hackers have been exploiting four Android vulnerabilities that allow the execution of malicious code that can take complete control of devices, Google warned on Wednesday. All four of the vulnerabilities were disclosed two weeks ago in Google’s Android Security Bulletin for May. Google has released security updates to device manufacturers, […]

Tech

Fix for critical Qualcomm chip flaw is making its way to Android devices

Enlarge (credit: Getty Images) Makers of high-end Android devices are responding to the discovery of a Qualcomm chip flaw that researchers say could be exploited to partially backdoor about a third of the world’s smartphones. The vulnerability, discovered by researchers from security firm Check Point Research, resides in Qualcomm’s Mobile Station Modem, a system of […]

Tech

Apple reports 2 iOS 0-days that let hackers compromise fully patched devices

Enlarge / The 2020 iPhone lineup. From left to right: iPhone 12 Pro Max, iPhone 12 Pro, iPhone 12, iPhone SE, and iPhone 12 mini. (credit: Samuel Axon) A week after Apple issued its biggest iOS and iPadOS update since last September’s release of version 14.0, the company has released a new update to patch […]

Tech

More US agencies potentially hacked, this time with Pulse Secure exploits

Enlarge (credit: Getty Images) At least five US federal agencies may have experienced cyberattacks that targeted recently discovered security flaws that give hackers free rein over vulnerable networks, the US Cybersecurity and Infrastructure Security Agency said on Friday. The vulnerabilities in Pulse Connect Secure, a VPN that employees use to remotely connect to large networks, […]