Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Remote code execution vulnerabilities dominate this month’s security bulletin of warnings and patches.
Microsoft’s November Patch Tuesday roundup of security fixes tackled an unusually large crop of remote code execution...
Google: 2021 was a Banner Year for Exploited 0-Day Bugs
Last year, Google Project Zero tracked a record 58 exploited-in-the-wild zero-day security holes.
Google Project Zero reported 58 exploited zero-day vulnerabilities in 2021, a record in the short time...
Hybrid-Work Reality Drives Hardware-based Security Strategies
New remote business reality pushes security teams to retool to protect expanding attack surface.
Remote workforce, hybrid-cloud and Zero-Trust trends are pushing security teams to focus on hardware-assisted...
PDF Feature ‘Certified’ Widely Vulnerable to Attack
Researchers found flaws most of the ‘popular’ PDF applications tested.
Certified portable document format (PDF) files are used to securely sign agreements between two parties while keeping the contents’...
Critical Flaws in Popular ICS Platform Can Trigger RCE
Cisco Talos discovered eight vulnerabilities in the Open Automation Software, two of them critical, that pose risk for critical infrastructure networks.
Critical flaws in a popular platform used by industrial...
Windows Zero-Day Still Circulating After Faulty Fix
The LPE bug could allow an attacker to install programs; view, change, or delete data; or create new accounts with full user rights.
A high-severity Windows zero-day that could lead...
Credential-Stuffing Attack Hits The North Face
The North Face has reset an undisclosed number of customer accounts after detecting a credential-stuffing attack on its website.
The North Face has reset its customers’ passwords after attackers launched...
Strange Cmd.exe Command Allows Execution of Arbitrary Commands
Security researcher Julian Horoszkiewicz discovered a cmd.exe command line shell vulnerability that could allow arbitrary commands to execute.
In search of new attack vectors allowing the introduction of commands in Windows, Khoroshkevich...
Yandex Pummeled by Potent Meris DDoS Botnet
Record-breaking distributed denial of service attack targets Russia’s version of Google – Yandex.
Technical details tied to a record-breaking distributed-denial-of-service (DDoS) attack against Russian internet behemoth Yandex...
Thunderbolt Devices Left Vulnerable To Physical Attacks
The Thunderspy attack affects millions of PCs released before 2019.
A specialist at Eindhoven University of Technology in the Netherlands has demonstrated a new attack method on Windows or Linux computers with...
