Collaborate Disseminate
Google’s decision to write new code into Android’s codebase in Rust, a memory-safe programming language, has resulted in a significant drop in memory safety vulnerabilities, despite old code (written in C/C++) not having been rewritten. The… Continue reading The number of Android memory safety vulnerabilities has tumbled, and here’s why
Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by unauthenticated attackers to remotely read and modify all help desk ticket details, are… Continue reading PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)
CVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency (CISA), which … Continue reading Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)
Financially motivated threat actors are targeting North American companies in the transportation and logistics sector with tailored lures, info-stealing malware, and a clever new trick. How the attack unfolds According to Proofpoint threat researchers,… Continue reading Transportation, logistics companies targeted with lures impersonating fleet management software
A poorly executed “handover” of US-based Kaspersky customers has led some users to panic when software named UltraAV popped up on their computers without any action on their part. What happened? Earlier this year, for national security reas… Continue reading US-based Kaspersky users startled by unexpected UltraAV installation
Telegram will start handing over the IP addresses and phone numbers of users who violate their Terms of Service “to relevant authorities in response to valid legal requests”, Telegram founder and CEO Pavel Durov has announced on Monday. Thi… Continue reading Telegram will share IP addresses, phone numbers of criminal suspects with cops
Organizations that plan to upgrade to Windows Server 2025 once it becomes generally available will be able to implement some security updates by hotpatching running processes. What is hotpatching? “Hotpatching has been around for years in Windows… Continue reading Windows Server 2025 gets hotpatching option, without reboots
More often than not, a cyber attack or a cyber incident that results in business disruption will spur organizations to make changes to improve their cybersecurity and cyber resilience – and sometimes that means changing cybersecurity providers. T… Continue reading Organizations are changing cybersecurity providers in wake of Crowdstrike outage
For a while now, security researchers have been warning about fake human verification pages tricking Windows users into inadvertently installing malware. A recently exposed campaign showed how some users end up on these pages. Beware of fake human veri… Continue reading Windows users targeted with fake human verification pages delivering malware
Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged Passwords (SPP), which could allow attackers to gain full administrative access to … Continue reading Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)