Cisco Talos discovered eight vulnerabilities in Microsoft 365 apps on macOS. These vulnerabilities allow hackers to bypass macOS permissions and perform actions like sending emails or recording audio.
GitHub users will now be able to privately report vulnerabilities to code maintainers. The feature had been in public beta since last year but has now graduated to general availability.
Open-source code is quite popular as it shortens the software development cycle. However, its rampant use is increasing security concerns. Companies must have some policy to deal with risks.
Microsoft released two small updates for the Chromium-based Edge browser over the weekend. The latest update addresses a bug that prevented PDF files from being printed using the browser.
A newly discovered zero-day vulnerability in modern Windows versions allows bad actors to launch a Windows Search window and connect to infected directories using a single Word file.
The infamous Hafnium group, which successfully targeted on-premises Microsoft Exchange servers, is now going after Windows using Tarrask malware, which evades detection by cleaning its activities.
Azure Defender for IoT had five security vulnerabilities that SentinelOne's SentinelLabs had discovered and proactively reported to Microsoft. Some of the flaws are rated "Critical" for severity.
Mozilla has released Firefox v97.0.2. It's an out-of-band security update to patch two "Critical" security flaws that are being exploited in the wild. These 0-Days rely on the 'Use-after-free' bug.
IBM researchers discovered three vulnerabilities in Cisco's Webex that allowed attackers to join meetings without being detected, even after being expelled. The bugs have now been fixed.
Apple has kicked off a new security research program that will provide specialized devices to bug hunters to make it easier for them to identify issues in iOS. Devices will be limited initially.
Mozilla has released Firefox 74.0.1 which includes patches for two zero-day vulnerabilities that are actively being exploited in the wild. The vulnerabilities allow hackers to run code on systems.
Researchers discovered security flaws in the immensely popular social media application that would have allowed hackers to access users' personal data and manipulate the content on their accounts.
A fair few bits of news surfaced this past week, including the cancellation of Minecraft's Super Duper Graphics Pack, the arrival of this month's Patch Tuesday, and more. Catch up below.
The hard times for Intel may not be over yet, as sources say that the promised silicon-level fix for the Spectre and Meltdown vulnerabilities may not protect from the variant discovered this week.
Intel has been taking the brunt of the consumer backlash over the Spectre and Meltdown vulnerabilities found in its CPUs, but AMD is also starting to take some heat in the form of legal action.
A recent report by The Wall Street Journal states that according to sources, Intel did not warn the U.S. Government of the Meltdown and Spectre vulnerabilities, but did inform Chinese tech giants.
A new lawsuit filed in the United States claims malfeasance on the smartphone maker's part by not informing its users of the existence of these processor vulnerabilities at an earlier date.
AMD has maintained that its processors are immune to Meltdown and that its chip architecture made it likely that Spectre posed zero risk. However, it is still issuing updates to mitigate risk.
Intel has been battered by the revelation of vulnerabilities in its chips. For his part, CEO Brian Krzanich has owned up to the company's missteps, and now offers an open letter to the tech community.
Google has quickly updated most of its hardware to help mitigate against the Meltdown and Spectre security holes, but if you have questions about your Chromebook, you can find out its update status.
Users of Ubuntu are also reporting issues with the patches aimed at mitigating the Meltdown and Spectre CPU exploits, with some systems having boot-up issues after installation.
Hardware and software makers continue to deal with the potential problems caused by processor vulnerabilities Meltdown and Spectre. Nvidia is the latest to do so, with updates for its SoCs and GPUs.
The new security updates are designed purely to help make it tougher for hackers to utilize the Spectre vulnerability found in all processors. Apple released an update for Safari 11.0.2, as well.
Intel has been getting battered from all sides because of the Meltdown and Spectre flaws found in its chips. While other chip designs face the same Spectre issues, Torvalds chose to target Intel.
Welcome to a new column that rounds up the news of the week out of Redmond. For the week of December 30 to January 5, we have chip vulnerabilities that needed attention and some problems for Cortana.
Singapore is currently taking feedback on a new cybersecurity bill which will require ethical hackers to be licensed before undertaking their work. The law could benefit both hackers and companies.
Four major security flaws, collectively dubbed 'QuadRooter', have left around 900 million Android devices with Qualcomm chipsets - including many of the latest flagships - vulnerable to attack.
Chrome 51 was recently added to the stable channel with numerous bug fixes and the company has now revealed the list of vulnerabilities reported by external researchers along with the amount paid out.
According to a database run by the U.S. government, the number of disclosed and fixed vulnerabilities by product was led by OS X, iOS and Flash, with Android at #20 and Windows at #14.
Security researchers have showcased the hazards of having an unpatched BIOS using a proof of concept malware called "LightEater" at a recent information security conference in Canada.
In an open letter, Lenovo CTO Peter Hortensius said the company is in the midst of developing a concrete plan to address software vulnerabilities, which will be announced later in the week.
It's that "time of the month" for Windows where patches get applied to plug vulnerabilities found in the OS. This time around eight were delivered and none affecting Internet Explorer.
Open source encryption application TrueCrypt has been audited for potential security flaws and has been found to contain some vulnerabilities but no backdoors which could be used to spy on users.
Pwn2Own inches closer and closer to having a million dollar event payout as the famed competition continues to grow in popularity and participation.
Microsoft has announced a 'bounty program' for people who find exploits inside Windows 8.1, with up to $100,000 offered, plus rewards for finding vulnerabilities in the Internet Explorer 11 preview.
More vulnerabilities have been found after Stuxnet infected Iranian programmable logic controllers designed by Siemens.
If you were counting on WebGL support in upcoming versions of Internet Explorer, you're out of luck for now. Microsoft made the decision to not support WebGL in its current form due to serious security...
Microsoft has issued an advanced notification for their last Patch Tuesday of the year, with a whopping 17 bulletins and 40 vulnerabilities. Out of the 17 bulletins, two are marked as "critical", Microsoft's highest security...
As expected, yesterday Microsoft rolled out five "critical" and three "important" patches for Windows Server 2008, Vista, Office, Internet Explorer and other software as part of its regularly scheduled Patch Tuesday release. The eight-patch rollout...
The latest Month of Bugs project, Month of ActiveX Bugs (MoAxB) started up on May 1 and has already found two critical flaws. First off, Microsoft's ActiveX controls, used to make Web pages richer and...