HP Omen Hub Exposes Millions of Gamers to Cyberattack
A driver privilege-escalation bug gives attackers kernel-mode access to millions of PCs used for gaming.
Millions of devices running the HP Omen Gaming Hub were using a driver with...
Adobe Snuffs Critical Bugs in Acrobat, Experience Manager
Adobe releases security updates for 59 bugs affecting its core products, including Adobe Acrobat Reader, XMP Toolkit SDK and Photoshop.
Adobe is urging its throngs of Acrobat Reader users to...
No Patch for High-Severity Bug in Legacy IBM System X Servers
Two of IBM’s aging flagship server models, retired in 2020, won’t be patched for a command-injection flaw.
Two legacy IBM System x server models, retired in 2019, are open...
2021’s Most Dangerous Software Weaknesses
Saryu Nayyar, CEO at Gurucul, peeks into Mitre’s list of dangerous software bug types, highlighting that the oldies are still the goodies for attackers.
Mitre Corp. recently updated its list...
Microsoft Patches Actively Exploited Windows Zero-Day Bug
On Patch Tuesday, Microsoft fixed 66 CVEs, including an RCE bug in MSHTML under active attack as threat actors passed around guides for the drop-dead simple exploit.
In September’s...
Apple Issues Emergency Fix for NSO Zero-Click Zero Day
Citizen Lab urges Apple users to update immediately. The new zero-click zero-day ForcedEntry flaw affects all things Apple: iPhones, iPads, Macs and Watches.
Apple users should immediately update all their...
Pair of Google Chrome Zero-Day Bugs Actively Exploited
The security vulnerabilities bring the web behemoth up to 10 browser zero-days found so far this year.
Google has addressed two zero-day security bugs that are being actively exploited in...
Technical Advisory: PDFTron JavaScript URLs Allowed in WebViewer UI (CVE-2021-39307)
Vendor: PDFTron
Vendor URL: https://www.pdftron.com/
Versions affected: WebViewer UI 8.0 or below
Systems Affected: Web applications hosting the affected software
Author: Liyun Li
CVE Identifier: CVE-2021-39307
Summary
PDFTron’s WebViewer UI 8.0 or below renders dangerous...
WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing
The security vulnerability can be exploited with a malicious CSV file.
A security vulnerability in the WooCommerce Multi Currency plugin could allow any customer to change the pricing for products...
Yandex Pummeled by Potent Meris DDoS Botnet
Record-breaking distributed denial of service attack targets Russia’s version of Google – Yandex.
Technical details tied to a record-breaking distributed-denial-of-service (DDoS) attack against Russian internet behemoth Yandex...