Malware & Threats | Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working | Despite a surge in zero-day attacks, data shows that security investments into OS and software exploit mitigations are forcing attackers to find new attack... | Ryan Naraine | March 27, 2024
Vulnerabilities | CISA: Second SharePoint Flaw Disclosed at Pwn2Own Exploited in Attacks | CISA says a second SharePoint vulnerability demonstrated last year at Pwn2Own, CVE-2023-24955, has been exploited in the wild. | Eduard Kovacs | March 27, 2024
Endpoint Security | ZenHammer Attack Targets DRAM on Systems With AMD CPUs | A new Rowhammer attack named ZenHammer has been demonstrated against DRAM on systems with AMD CPUs, including DDR5. | Eduard Kovacs | March 26, 2024
Vulnerabilities | Apple Patches Code Execution Vulnerability in iOS, macOS | Apple has released iOS 17.4.1 and macOS Sonoma 14.4.1 with patches for an arbitrary code execution vulnerability. | Ionut Arghire | March 26, 2024
Vulnerabilities | US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities | CISA and the FBI issue a secure-by-design alert on eliminating SQL injection vulnerabilities from software. | Ionut Arghire | March 26, 2024
Vulnerabilities | Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks | CVE-2023-48788, a critical SQL injection vulnerability in Fortinet’s FortiClient EMS product, is being exploited in the wild. | Eduard Kovacs | March 26, 2024
Vulnerabilities | Mozilla Patches Firefox Zero-Days Exploited at Pwn2Own | Firefox browser updates address two zero-day vulnerabilities exploited at the Pwn2Own hacking contest. | Ionut Arghire | March 25, 2024
Vulnerabilities | Saflok Lock Vulnerability Can Be Exploited to Open Millions of Doors | Vulnerability in Dormakaba’s Saflok electronic locks allows hackers to forge keycards and open millions of doors. | Ionut Arghire | March 22, 2024
Vulnerabilities | Tesla, OS, Software Exploits Earn Hackers $1.1 Million at Pwn2Own 2024 | Exploits targeting Tesla cars, operating systems, and popular software earned participants over $1.1 million at Pwn2Own Vancouver 2024. | Eduard Kovacs | March 22, 2024
Vulnerabilities | Microsoft Patches Xbox Vulnerability Following Public Disclosure | Microsoft patches Xbox Gaming Services vulnerability CVE-2024-28916 after initially saying it was not a security issue. | Eduard Kovacs | March 21, 2024
Vulnerabilities | Ivanti Patches Critical Vulnerabilities in Standalone Sentry, Neurons for ITSM | Ivanti has released patches for two critical-severity vulnerabilities leading to arbitrary command execution. | Ionut Arghire | March 21, 2024
Application Security | GitHub Rolls Out ‘Code Scanning Autofix’ in Public Beta | GitHub’s code scanning autofix delivers remediation suggestions for two-thirds of the identified vulnerabilities. | Ionut Arghire | March 21, 2024