Tracked as CVE-2021-36260 and affecting over 70 cameras and NVRs from Hikvision, the critical-severity bug can be exploited to gain root access and completely take over vulnerable devices, without any form of user interaction. Hikvision released patches for the vulnerability on September 18 and, shortly after, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) alerted…

Cross-site leaks, also known as XS-Leaks, are a type of browser side-channel attack that can allow a malicious website to infer and collect potentially sensitive user information from other sites by bypassing security mechanisms such as same-origin policy. Same-origin policy is designed to restrict how a document, script or media file loaded by one origin…

The company is building a Trusted Control/Compute Unit (TCU) product that is being positioned as a new class of security processors that provide platform root-of-trust for large enterprise customers. Axiado, which employs approximately 40 in Silicon Valley, said the $25 million Series B investment brings the total raised to $40 million. The round was led…

The flaw also allowed the researchers to identify the real IP addresses of the hidden service hosting the recovery website, including 20 IPs communicating with the Conti servers, and two Tor entry nodes used for the recovery service, all of which were reported to the authorities. Furthermore, Prodaft discovered victim chat sessions that allowed them…

The executive order on improving the nation’s cybersecurity tasked CISA with developing playbooks for federal civilian agencies to help them plan and conduct vulnerability and incident response. While the playbooks have been created for federal civilian agencies and their contractors, CISA says the information could also be useful to critical infrastructure organizations and private sector…

The security hole, tracked as CVE-2021-0146 and rated high severity, impacts Pentium, Celeron and Atom CPUs on mobile, desktop and embedded devices. Affected Atom IoT processors are present in many cars, apparently including ones made by Tesla. Intel announced the availability of fixes when it released its November 2021 Patch Tuesday updates. “Hardware allows activation…

The company offers a platform that helps developers create more secure applications by discovering vulnerabilities in code, detecting what libraries are being used, and going as far as providing embedded runtime exploit prevention that analyzes application runtime to prevent and confirm exploitability of bugs. Contrast says the investment will help it meet demand for its…

The research, named Project Memoria, was conducted by enterprise device security firm Forescout in collaboration with others. It resulted in the discovery of the vulnerabilities tracked as Ripple20, AMNESIA:33, NUMBER:JACK, NAME:WRECK, INFRA:HALT, and NUCLEUS:13. TCP/IP stacks are leveraged by a wide range of devices for communication, including medical products, industrial control systems (ICS), printers, and…