Google Patches Actively Exploited Chrome Bug
The heap buffer overflow issue in the browser’s WebRTC engine could allow attackers to execute arbitrary code.
While people were celebrating the Fourth of July holiday in the United States,...
Technical Advisory – ExpressLRS vulnerabilities allow for hijack of control link
Vendor: ExpressLRS
Vendor URL: https://expresslrs.org
Versions affected: 1.x, 2.x
Author: Richard Appleby
Severity: Medium 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
ExpressLRS is a high-performance open source radio control link. It aims to provide...
Patchable and Preventable Security Issues Lead Causes of Q1 Attacks
Attacks against U.S. companies spike in Q1 2022 with patchable and preventable external vulnerabilities responsible for bulk of attacks.
Eighty-two percent of attacks on organizations in Q1 2022...
Discovery of 56 OT Device Flaws Blamed on Lackluster Security Culture
Culture of ‘insecure-by-design’ security is cited in discovery of bug-riddled operational technology devices.
Researchers discovered 56 vulnerabilities affecting devices from 10 operational technology (OT) vendors, most of which they’ve attributed...
Updated: Technical Advisory and Proofs of Concept – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)
By Nicolas Bidron and Nicolas Guigo.
U-Boot is a popular boot loader for embedded systems, with implementations for a large number of architectures, and is prominent in most Linux-based embedded...
Technical Advisory – Multiple Vulnerabilities in Trendnet TEW-831DR WiFi Router (CVE-2022-30325, CVE-2022-30326, CVE-2022-30327, CVE-2022-30328,...
The Trendnet TEW-831DR WiFi Router was found to have multiple vulnerabilities exposing the owners of the router to potential intrusion of their local WiFi network and possible takeover of...
Technical Advisory – FUJITSU CentricStor Control Center
Summary
On the 6th of April 2022, NCC Group’s Fox-IT discovered two separate flaws in FUJITSU CentricStor Control Center V8.1 which allow an attacker to gain remote code execution on...
Attackers Use Public Exploits to Throttle Atlassian Confluence Flaw
The vulnerability remains unpatched on many versions of the collaboration tool and has potential to create a SolarWinds-type scenario.
Threat actors are using public exploits to pummel a critical zero-day...
Follina Exploited by State-Sponsored Hackers
A government-aligned attacker tried using a Microsoft vulnerability to attack U.S. and E.U. government targets.
Researchers have added state-sponsored hackers to the list of adversaries attempting to exploit Microsoft’s now-patched...