Vulnerabilities Archives - Page 23 of 85

Vulnerabilities Found by Google Researchers in 2021 Got Patched on Average in 52 Days

Issued by: Security Week

Between 2019 and 2021, the team reported a total of 376 vulnerabilities and saw most of them (351) get patched. Of the remaining flaws, 14 are marked “WontFix” by the vendor and 11 remain unfixed. Per Google Project Zero’s policy, vendors have 90 days to address the security errors, but they can also request a…

Vulnerabilities

Log4j and the Role of SBOMs in Reducing Software Security Risk

Issued by: Dark Reading

Recent high-profile cybersecurity incidents such as the SolarWinds attack and the Apache Log4j vulnerability have exposed the threats associated with the software supply chain. These can range from fairly simple exploits of known vulnerabilities to very sophisticated attacks, sponsored by nation-state actors. The annual spending on enterprise software — also known as commercial off-the-shelf or…

Vulnerabilities

Log4j: Getting From Stopgap Remedies to Long-Term Solutions

Issued by: Dark Reading

While the worst of Log4Shell may be behind us and much work remains, let’s say “Well done” to the security engineers and managers who labored in the trenches in recent weeks. But if you thought the Log4j vulnerability was last year’s problem, think again. In 2022, this vulnerability will require care and attention to fully…

Vulnerabilities

Mac Malware-Dropping Adware Gets More Dangerous

Issued by: Dark Reading

The latest version of a Mac Trojan called UpdateAgent, aka WizardUpdate, provides fresh evidence of the growing effort that some threat actors are putting into targeting Apple technologies. The malware, which impersonates legitimate software, such as support agents and video software, first surfaced in September 2020. It is commonly distributed via drive-by downloads or pop-ups…

Malware & Threats, Vulnerabilities

This Week in Security News – February 4, 2022

Issued by: Trend Micro Blog

Welcome to our weekly roundup, where we share what you need to know about cybersecurity news and events that happened over the past few days. This week, learn about the Samba vulnerability discovered by Trend Micro. Also, read about the White House’s warning of Russian hacks as tensions with Ukraine grow. The Samba Vulnerability: What is…

Vulnerabilities

Digital Shadows Launches New Vulnerability Intelligence Module

Issued by: Dark Reading

Digital Shadows announces the launch of a new Vulnerability Intelligence module within SearchLight. The new capability enables security teams to rapidly identify which of the many thousands of Common Vulnerabilities and Exposures (CVEs) they should focus their limited resources on and how they can prevent criminals from exploiting them. The new module, within Digital Shadows…

Vulnerabilities

Google Patches 27 Vulnerabilities With Release of Chrome 98

Issued by: Security Week

The most severe of these security defects could be exploited to execute arbitrary code with the same privileges as the Chrome browser has on the target system. Of the 19 flaws, eight carry a severity rating of high, 10 are considered medium severity, and one low risk. More than half of the externally reported vulnerabilities…

Vulnerabilities

4 years since Sperctre vulnerability discovery | Kaspersky official blog

Issued by: Kaspersky Blog

Four years have passed since the first publication of the research on Spectre and Meltdown, hardware vulnerabilities in modern processors. Since then, researchers discovered several similar flaws, that are potentially capable of leaking confidential data. The researchers also showed examples of attacks using these vulnerabilities, although most of them are unlikely to be used in…

Vulnerabilities

North Korean Hackers Abuse Windows Update Client in Attacks on Defense Industry

Issued by: Security Week

Active since at least 2009, Lazarus is the most active North Korean state-sponsored hacking group, with numerous factions operating under its umbrella. Believed to have orchestrated various high-profile cyberattacks, the group stole $400 million worth of crypto-assets last year. Two different macro-enabled decoy documents masquerading as job opportunities at American global security and aerospace giant…

Vulnerabilities

Google Pays Out Over $100,000 for Vulnerabilities Patched With Chrome 97 Update

Issued by: Security Week

A total of 22 vulnerabilities addressed with the latest Chrome refresh were reported by external researchers, including one critical-severity, 16 high-severity, and five medium-severity issues. There were 12 use-after-free bugs reported externally, impacting Safe Browsing, Site isolation, Web packaging, Omnibox, Printing, Vulkan, Scheduling, Text Input Method Editor, Bookmarks, Optimization Guide, and Data Transfer. The most…