Two critical security vulnerabilities were found in pgAdmin, the open-source administration tool for PostgreSQL. The vulnerabilities assigned CVE-2024-4216 and CVE-2024-4215 affect the tool's cross-site scripting and multi-factor authentication featu...
Are you a Docker customer? If so, you should upgrade to the latest version of Docker immediately. Security researchers have detailed a proof-of-concept (PoC) attack exploiting a critical vulnerability, which could lead to full container escape. Learn more:
A serious Wi-Fi vulnerability has shown how Linux handles security in plain sight. Learn more about this security bug, as well as how the Linux kernel balances the risks of public bug disclosure:
Are you an Ubuntu user? Canonical has released a new batch of Linux kernel security updates for all of its supported Ubuntu Linux releases to address the latest Intel CPU vulnerabilities, as well as other important flaws. Learn more:
Have you heard about the latest Intel CPU bug, ZombieLoad v2? Learn more about this security vulnerability and what Red Hat and other Linux vendors are doing about it in an informative ZDNet article:
Are you a Ring doorbell owner? Have you heard about the security bug that researchers discovered in Ring doorbells that sent Wi-Fi passwords over the network in plain HTTP rather than being encrypted? Learn more:
Siri, Alexa, and Google Assistant are vulnerable to attacks that use lasers to inject inaudible -- and sometimes invisible -- commands into the devices and surreptitiously cause them to unlock doors, visit websites, and locate, unlock, and start vehicles, researchers report in a research paper published on Monday. Dubbed Light Commands, the attack works against Facebook Portal and a variety of phones. Learn more in an interesting Schneier on Security blog post:
Google has discovered a Libarchive vulnerability which can lead to code execution on Linux, FreeBSD and NetBSD. Learn more about the security bug and its implications for Linux users in an informative ZDNet article:
IBM developers and others continue exploring the potential for address space isolation in the Linux kernel to reduce the risk of leaking sensitive data in attacks like L1 Terminal Fault (L1TF), MDS, and other vulnerabilities, though this does increase the complexity of the kernel code, and the performance hit is still to be evaluated. Learn more in an interesting Phoronix article:
Are you a Google Chrome user? If so, you should update your browser now, as two new high severity Chrome zero-day bugs are being actively exploited by attackers. Learn more about the vulnerabilities and how to protect your system:
The same Intel CPU speculative execution problems which led to the Meltdown and Spectre security issues are still alive and well, and Greg Kroah-Hartman, the stable Linux kernel maintainer, says we're going to see Intel chip security problems for years to come. Learn more about this issue:
A recently patched vulnerability (CVE-2019-11043) in PHP is being actively exploited by attackers to compromise NGINX web servers, threat intelligence firm Bad Packets has confirmed. Learn more:
A Linux Sudo bug which allows users to run some restricted commands as root without permission has been discovered. Learn more about this security vulnerability in an informative Techworm article:
Are you a Joomla user? Details were published online last week about a vulnerability in older versions of the Joomla content management system (CMS), a popular web-based application for building and managing websites. Learn more in a great ZDNet article:
Remember the critical remote code execution (RCE) vulnerability in the Exim email server, CVE-2019-15846, from mid-September? Barely two weeks later, the software's maintainers have issued an advisory for another potentially troublesome bug, identified as CVE-2019-16928, which has been given the same critical rating. Learn more in a great NakedSecurity article:
Are you an Exim user? A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers. Learn more about the vulnerability in a great The Hacker News article:
The results of the 2019 Defcon Voting Village are in—and they paint an ugly picture for voting machine security. Learn more in an interesting Wired article:
Are you a phpMyAdmin user? A researcher has just published a zero-day security bug in one of the web’s most popular database administration software packages. Learn more: