Vulnerability in HP BIOS causes system takeover

UEFI, BIOS, Vulnerabilities, vulnerability, CVE-2021-3808, CVE-2021-3809

Following recent fixes for a large number of UEFI vulnerabilities, worldwide-known PC and laptop vendor HP is releasing a new BIOS update. This time around, two serious vulnerabilities affecting a wide range of over 200 PC and laptop models that allow code to run with kernel privileges, including driver management and BIOS access, were the…

RCE vulnerability found in Dark Souls 3 allows taking control of someone else’s PC

Over the weekend, the developers of the Dark Souls series of games reported that the PC servers of Dark Souls: Remastered, Dark Souls 2, Dark Souls 3 and Dark Souls: PtDE are temporarily disabled due to a dangerous RCE vulnerability that allows remotely taking control of someone else’s machine. One of the first to report…

Critical vulnerability in Office fixed, but macOS update is delayed

As part of the January Patch Tuesday, Microsoft engineers fixed a critical vulnerability in Office that could allow attackers to remotely run malicious code on vulnerable systems. The RCE vulnerability identified as CVE-2022-21840 can be exploited on target devices with even the lowest privileges and in simple attacks that require user interaction. Basically, the user…

Another vulnerability found in Log4j, this time it is a denial of service

Log4Shell, recently discovered in the popular logging library Log4j, which is part of the Apache Logging Project, continues to get worse, as another vulnerability has been found. This time it is a “denial of service” vulnerability. The problem was originally discovered while catching bugs on Minecraft servers, but the Log4j library is present in…

Log4j vulnerability threatens 35,000 Java packages

Google scanned Maven Central, the largest Java repository to date, and found that the Log4j vulnerability threatened 35,863 Java packages. The packages are vulnerable to either the original Log4Shell exploit (CVE-2021-44228) or the second RCE problem discovered after the patch was released (CVE-2021-45046). This vulnerability has gripped the information security ecosystem since its disclosure on…

Microsoft patches Windows AppX Installer vulnerability that spreads Emotet malware

December’s Patch Tuesday, the latest of this year, brought fixes for six 0-day vulnerabilities in Microsoft products, including a bug in the Windows AppX Installer that Emotet malware uses to spread. Microsoft patched 67 vulnerabilities in its products this month, seven of which are classified as critical and 60 as important. Separately, Microsoft…

Vulnerability in Apple iCloud puts a billion users at risk

The security of over a billion iPhone owners and users of popular instant messengers is at risk due to a vulnerability in Apple iCloud. As Forbes reports, private messages sent via iMessage and WhatsApp on iPhone are not secure when using factory settings. While encrypted apps like iMessage and WhatsApp keep messages on the device…

Clop ransomware exploits vulnerability in SolarWinds Serv-U

NCC Group warns of a spike in Clop ransomware attacks (the hack group is also known as TA505 and FIN11) that exploit a vulnerability in SolarWinds Serv-U. Most of them start off by exploiting the CVE-2021-35211 bug in Serv-U Managed File Transfer and Serv-U Secure FTP. This issue allows a remote attacker to execute commands with…

NUCLEUS:13 Problems Threaten Medical Devices, Automobiles and Industrial Systems

Forescout and Medigate Labs issued a report on the NUCLEUS:13 problems, a set of 13 vulnerabilities that affect a Siemens software library widely used in medical devices, automotive and industrial systems. NUCLEUS:13 affects Nucleus NET, the TCP/IP stack that is part of Siemens’ RTOS Nucleus. Typically, Nucleus runs on SoCs in medical devices, cars,…

Microsoft warns of dangerous vulnerability in Surface Pro 3 devices

Microsoft engineers have published a security bulletin on a new vulnerability affecting Surface Pro 3 tablets. The bug could be used by an attacker to inject malicious devices into corporate networks and bypass Device Health Attestation. Other Surface devices, including Surface Pro 4 and Surface Book, are not considered affected by this issue. Although…