vulnerabilities

Hello, I have been using occasionally software from NirSoft website. What concerns me is this article: https://borncity.com/win/2020/04/16/dll-hijacking-vulnerabilities-in-nirsoft-tools/ From one side developer is concerned about his tools as seen here...

In the news today, researchers found 33 security vulnerabilities in many different IoT devices, including the beloved Raspberry Pi. Does anyone have details on what exactly are the affected devices/risks...

A report from Independent Security Evaluators (ISE) showed that password manager security is acceptable in non-running states, but are vulnerable to memory attacks when in running states. Products from 1Password4, 1Password7, Dashlane, KeePass, and LastPass were tested in the report. For...

A study by the U.S. Government Accountability Office (GAO) has shown how vulnerable U.S. weapon systems under the control of the Department of Defense (DOD) have become. This is due to the weapon systems becoming more networked and software dependent and the DoD is still in the early stages of...

Critical flaws are built into phones sold by the four major U.S. cellphone carriers according to research funded by the Department of Homeland Security (DHS). The flaws allow a hacker to gain access to data, emails, text messages, and "escalate privileges and take over the device" according to...

Two questions: How do you test or check for Spectre / Meltdown vulnerability? Do we know, yet, in what CPU these will be fixed at hardware level? So will 9th generation Intel CPU's be "immune" for example? I ask the second question because it seems like new "variants" of the above...

If you own or support Supermicro products you should be aware there are some vulnerabilities in the configuration of some motherboards. This vulnerability is only able to be exploited if the malicious software is already running on the system, but it does have the nasty ability to hide in the...

The DHS and other government agencies are investigating the cybersecurity strength of the airline industry and commercial aircraft. As a matter of fact a DHS team was able to successfully remotely hack a Boeing 737. Further, the government has determined that aircraft have little to no...

Microsoft and Google Project Zero researchers announced today a new category of processor vulnerability known as a speculative execution side channel vulnerability, or Speculative Store Bypass, that is closely related to the Spectre Variant 1 vulnerability. Microsoft has also released a security...

Last week we wrote about possible AMD security flaws that were announced by CTS Labs. Today, AMD has released their assessment of CTS Labs' claims in a community post. AMD makes it clear that the issues identified by CTS Labs have nothing to do with Meltdown and Spectre, but are associated with...

Google's Project Zero has exposed a security flaw in Microsoft Edge according to a report from Neowin. Microsoft began using Arbitrary Code Guard in Edge with the creators update which forced the use of Just-in-Time (JIT) compilers to an isolated sandbox. The problem with this is the address for...

Dell is going to offer 3 high-end laptops with the Intel Management Engine disabled. This is in response to the recent revelations that the IME has vulnerabilities and cpu's from the 6th gen to the 8th gen all have this cooked in. If successful, I expect other major vendors to jump on-board...

Billions of voice-activated Internet of Things devices may be subject to external attack due to BlueBorne vulnerabilities, Armis revealed last Wednesday. Hackers could exploit BlueBorne to mount an airborne attack, using Bluetooth to spread malware and access critical data, including sensitive...

As chaos gripped the hallowed halls of various Security Operations Centers around the world, Microsoft stood like a defiant digital Gandalf. "You shall not pass!" they declared as they smashed the ground with the Staff of Patching, releasing a golden ring of light and sending their adversaries...