Just-Released Dark Souls Game, Elden Ring, Includes Killer Bug
A patch fixes exploit hidden in Elden Ring that traps PC players in a ‘death loop.’
The latest installment of the Dark Souls gaming franchise, Elden Ring, contains a security...
Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)
This blog post describes an unchecked return value vulnerability found and exploited in September 2021 by Alex Plaskett, Cedric Halbronn and Aaron Adams working at the Exploit Development Group...
Misconfigured Firebase Databases Exposing Data in Mobile Apps
Five percent of the databases are vulnerable to threat actors: It’s a gold mine of exploit opportunity in thousands of mobile apps, researchers say.
Thousands of mobile apps – some...
Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582)
Vendor: Apple
Vendor URL: https://www.apple.com/
Systems Affected: macOS Monterey before 12.3, macOS Big Sur before 11.6.5 and macOS 10.15 Catalina before Security Update 2022-003
Author: Richard Warren
Advisory URLs: https://support.apple.com/en-us/HT213183, https://support.apple.com/en-us/HT213185, https://support.apple.com/en-gw/HT213185
CVE...
Most QNAP NAS Devices Affected by ‘Dirty Pipe’ Linux Flaw
The “Dirty Pipe” Linux kernel flaw – a high-severity vulnerability in all major distros that grants root access to unprivileged users who have local access – affects most of...
APT41 Spies Broke Into 6 US State Networks via a Livestock App
The China-affiliated state-sponsored threat actor used Log4j and zero-day bugs in the USAHerds animal-tracking software to hack into multiple government networks.
USAHerds – an app used (PDF) by farmers to...
Most Orgs Would Take Security Bugs Over Ethical Hacking Help
A new survey suggests that security is becoming more important for enterprises, but they’re still falling back on old “security by obscurity” ways.
Enterprises are putting greater stock in cybersecurity,...
Microsoft Addresses 3 Zero-Days & 3 Critical Bugs for March Patch Tuesday
The computing giant patched 71 security vulnerabilities in an uncharacteristically light scheduled update, including its first Xbox bug.
Microsoft has addressed 71 security vulnerabilities in its scheduled March Patch Tuesday...
Zero-Click Flaws in Widely Used UPS Devices Threaten Critical Infratructure
The ‘TLStorm’ vulnerabilities, found in APC Smart-UPS products, could allow attackers to cause both cyber and physical damage by taking down critical infrastructure.
Three critical security vulnerabilities in widely used...
Critical Firefox Zero-Day Bugs Allow RCE, Sandbox Escape
Both vulnerabilities are use-after-free issues in Mozilla’s popular web browser.
Mozilla has released an emergency update for its Firefox browser that addresses two critical security vulnerabilities that cybercriminals have actively...
