flaws

  • Blog

    HPE warns of critical RCE flaws in Aruba Networking access points

    Hewlett Packard Enterprise (HPE) released updates for Instant AOS-8 and AOS-10 software to address two critical vulnerabilities in Aruba Networking Access Points. The two security issues could allow a remote attacker to perform unauthenticated command injection by sending specially crafted packets to Aruba’s Access Point management protocol (PAPI) over UDP port 8211. The critical flaws are tracked as CVE-2024-42509 and CVE-2024-47460, and have…

  • Blog

    Germany drafts law to protect researchers who find security flaws

    The Federal Ministry of Justice in Germany has drafted a law to provide legal protection to security researchers who discover and responsibly report security vulnerabilities to vendors. When security research is conducted within the specified boundaries, those responsible will be excluded from criminal liability and the risk of prosecution. “Those who want to close IT security gaps deserve recognition—not a…

  • Blog

    Apple Found One of Chrome’s ‘Critical’ Security Flaws

    On Tuesday, Google released a new update for Chrome, upgrading it to version 130.0.6723.91/.92 for Windows and Mac, and 130.0.6723.91 for Linux. When you install the update and refresh your browser, you won’t be greeted with a new UI or a handful of new features or changes. Instead, you’ll be running a browser that patches two security vulnerabilities found in older…

  • Blog

    Apple is offering rewards of up to $1 million to find critical flaws in its private AI cloud systems

    Apple is offering a $1 million (£770,000) bounty for flaws that could be used by hackers to run code in Private Cloud Compute (PCC), the cloud system used to power advanced AI features that can’t run on device. Bug bounty programs are a popular way for technology companies to incentivise security researchers to seek out vulnerabilities in their code, offering…

  • Blog

    Over 70 zero-day flaws get hackers $1 million at Pwn2Own Ireland

    The fourth day of Pwn2Own Ireland 2024 marked the end of the hacking competition with more than $1 million in prizes for over 70 unique zero-day vulnerabilities in fully patched devices. The hacking contest pits security researchers against various software and hardware products, in an attempt to earn the “Master of Pwn” title by compromising targets in eight categories ranging from mobile phones, messaging…

  • Blog

    Jensen Huang just issued a big update on Nvidia’s Blackwell chip flaws

    Nvidia CEO Jensen Huang has confirmed that a design flaw that was impacting the expected yields from its Blackwell AI GPUs has been addressed. Huang clarified that the issue was the result of Nvidia’s design, and not its fabricating partner TSMC, with mass production of the Blackwell B100 and B200 GPUs expected to resume later this month, according to Reuters.…

  • Blog

    Severe flaws in E2EE cloud storage platforms used by millions

    Several end-to-end encrypted (E2EE) cloud storage platforms are vulnerable to a set of security issues that could expose user data to malicious actors. Cryptographic analysis from ETH Zurich researchers Jonas Hofmann and Kien Tuong Truong revealed issues with Sync, pCloud, Icedrive, Seafile, and Tresorit services, collectively used by more than 22 million people. The analysis was based on the threat…

  • Blog

    70% of exploited flaws disclosed in 2023 were zero-days

    Google Mandiant security analysts warn of a worrying new trend of threat actors demonstrating a better capability to discover and exploit zero-day vulnerabilities in software. Specifically, of the 138 vulnerabilities disclosed as actively exploited in 2023, Mandiant says 97 (70.3%) were leveraged as zero-days. This means that threat actors exploited the flaws in attacks before the impacted vendors knew of…

  • Blog

    117 updates (and 5 zero-day flaws) – Computerworld

    Microsoft SQL Server: With two updates this month, desktop (or client) testing will be required for data-driven applications. We recommend that the following SQL-related tests be included for October: Validate SQL Commands and stored procedures. Ensure data “Refresh” operations perform correctly with Microsoft Active Data (ADOX) objects. These are difficult operations to debug due to the generally large number of…

  • Blog

    Critical flaws left 700,000 DrayTek routers exposed – but don’t worry, there’s a fix

    Security researchers have uncovered 14 vulnerabilities in DrayTek routers that left hundreds of thousands of devices exposed. The flaws affect 24 DrayTek router models, with more than two-thirds either end-of-sale (EoS) or end-of-life (EoL) products, making them more difficult to patch and protect. More than 425,000 are in the UK and EU, with over 190,000 in Asia. Crucially, researchers warned…
