Explore

Published at LXer: PuTTY's security flaw (CVE2024-31497) in ECDSA P521 keys risks private data exposure. Urgent update is needed. Read More......

Published at LXer: Recent sshd/xz backdoor (CVE-2024-3094 ) reveals risks in systemd's libsystemd, sparking debate on dependency reduction. Here's more on that! Read More......

Russia hacked video surveillance cameras as part of a massive air attack on Kyiv, according to Ukrainian security services. Several countries have banned camera manufacturers in recent years over national security concerns, including that adversaries might exploit software vulnerabilities in a conflict. But this is ...

The ransomware actor 'ShadowSyndicate' was observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aiohttp Python library. Aiohttp is an open-source library built on top of Python's asynchronous I/O framework, Asyncio, to handle large amounts of concurrent HTTP requests...

Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. Though this is lower than the $12 million Google's Vulnerability Reward Program paid to researchers in 2022, the amount is still significant, showcasing...

QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. The Taiwanese Network Attached Storage (NAS) device maker disclosed three vulnerabilities that can lead to an authentication bypass, command injection, and S...

The White House Office of the National Cyber Director (ONCD) urged tech companies today to switch to memory-safe programming languages, such as Rust, to improve software security by reducing the number of memory safety vulnerabilities. Such vulnerabilities are coding errors or weaknesses within software that can lea...

Published at LXer: This low-level software is the glue that enables Linux to run on Secure Boot PCs, and it has a nasty problem. Read More......

Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system. The flaws were discovered by Snyk security researcher Rory McNamara in November 2023, who reported them to impacted parties for fixing. Snyk has found no signs of activ...

The Operation Triangulation spyware attacks targeting iPhone devices since 2019 leveraged undocumented features in Apple chips to bypass hardware-based security protections. This finding comes from Kaspersky analysts who have been reverse-engineering the complex attack chain over the past year, trying to unearth all...