[ad_1]
VMware has patched a whole host of security vulnerabilities affecting a number of its key business products - and given that some of the flaws are high in severity, and would allow malicious actors to execute code remotely, the company advises users to apply the patches immediately. According to VMware’s security advisory, the…
[ad_1]
Two zero-day flaws in popular Microsoft products including Edge, Teams, and Skype have been discovered and patched, the company has confirmed. Microsoft addressed CVE-2023-4863, and CVE-2023-5217, which affect the programs’ code libraries used to encode and decode images in the WebP format, and videos with VP8 encoding. The two libraries in question are…
[ad_1]
Cybersecurity researchers discovered three major vulnerabilities in some high-end ASUS routers, which could be used to hijack endpoints, disrupt connectivity, and deploy malware and ransomware. The routers in question are ASUS RT-AX55, RT-AX56U_V2, and RT-AC86U - all high-end devices used by gamers and other individuals with high-performance demands. The vulnerabilities plaguing these devices…
[ad_1]
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that flaws in several Samsung mobile devices have likely already been exploited to by a spyware vendor. The agency recently added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, six of which pertain to Samsung Mobile devices, with evidence that they already…
[ad_1]
The Mitre Corporation released its annual list of the most dangerous software flaws for 2023, and there’s been no change at the top spot. The American not-for-profit organization has been analyzing public vulnerability data found in the National Vulnerability Database (NVD) for root cause mappings to CVE weaknesses for the past two years.…
[ad_1]
Progress Software, the company behind the MOVEit secure managed file transfer (MFT) tool, has warned users it has found a separate vulnerability that can also be used to steal their sensitive data with malware, and urged them to apply the newly released patch - immediately. Earlier this month, it was revealed that MOVEit…
[ad_1]
D-Link has released patches for two critical vulnerabilities found in its network management suite which could allow threat actors to bypass authentication and execute arbitrary code, remotely. The company fixed two flaws found in D-View, its network management suite that various businesses use for general network management and administration. The flaws were discovered…
[ad_1]
Cybersecurity researchers from Imperva have uncovered a flaw in the popular social media app TikTok which could have allowed threat actors to exfiltrate sensitive data from victim devices to be used in identity theft attacks, phishing, or for blackmail. The vulnerability, which has since been fixed, was found in the way the app…
[ad_1]
Universal Copy Service, a software suite used by medical laboratories across the world for DNA sequencing, carries two high-severity vulnerabilities that could allow threat actors to fully take over the targeted endpoints and exfiltrate sensitive data. A joint security advisory from the US Cybersecurity Infrastructure Security Agency (CISA) and the FDA has urged…
[ad_1]
Apple has released iOS 16.4 and is urging iPhone users, particularly those with older devices, to update immediately to benefit from some important security fixes Despite the seemingly unassuming update number (16.x, rather than 16.x.x), this update has patched 32 known security flaws (opens in new tab) that have been plaguing iOS…