Critical Vulnerability in UNISOC Devices Patched

UNISOC-chip Android Phones are Vulnerable to Remote Modem-Targeting Attacks In May 2022, the UNISOC company was informed by Check Point Research specialists about a critical vulnerability present in UNISOC chipset devices. The flaw was confirmed by the manufacturer and patched. The vulnerability revelation happened after reverse-engineering of UNISOC LTE protocols (long-term evolution, wireless connection standard… Continue reading Critical Vulnerability in UNISOC Devices Patched

Vulnerability in HP BIOS causes system takeover

UEFI, BIOS, Vulnerabilities, vulnerability, CVE-2021-3808, CVE-2021-3809

Following recent fixes for a large number of UEFI vulnerabilities, worldwide-known PC and laptop vendor HP is releasing a new BIOS update. This time around, two serious vulnerabilities affecting a wide range of over 200 PC and laptop models that allow code to run with kernel privileges, including driver management and BIOS access, were the… Continue reading Vulnerability in HP BIOS causes system takeover

Dark Souls 3 found an RCE vulnerability that allows taking control of someone else’s PC

Over the weekend, the developers of the Dark Souls series of games reported that the PC servers of Dark Souls: Remastered, Dark Souls 2, Dark Souls 3 and Dark Souls: PtDE are temporarily disabled due to a dangerous RCE vulnerability that allows remotely taking control of someone else’s machine. One of the first to report… Continue reading Dark Souls 3 found an RCE vulnerability that allows taking control of someone else’s PC

Critical vulnerability in Office fixed, but macOS update is delayed

As part of the January Patch Tuesday, Microsoft engineers fixed a critical vulnerability in Office that could allow attackers to remotely run malicious code on vulnerable systems. The RCE vulnerability identified as CVE-2022-21840 can be exploited on target devices with even the lowest privileges and in simple attacks that require user interaction. Basically, the user… Continue reading Critical vulnerability in Office fixed, but macOS update is delayed

Another vulnerability found in Log4j, this time it is a denial of service

Log4Shell, recently discovered in the popular logging library Log4j, which is part of the Apache Logging Project, continues to get worse, as another vulnerability has been found. This time it is time a “denial of service” vulnerability. The problem was originally discovered while catching bugs on Minecraft servers, but the Log4j library is present in… Continue reading Another vulnerability found in Log4j, this time it is a denial of service

Log4j vulnerability threatens 35,000 Java packages

Google scanned Maven Central, the largest Java repository to date, and found that the Log4j vulnerability threatened 35,863 Java packages. The packages are vulnerable to either the original Log4Shell exploit (CVE-2021-44228) or the second RCE problem discovered after the patch was released (CVE-2021-45046). This vulnerability has gripped the information security ecosystem since its disclosure on… Continue reading Log4j vulnerability threatens 35,000 Java packages

Microsoft patches Windows AppX Installer vulnerability that spreads Emotet malware

The latest of this year, December’s patch Tuesday brought fixes for six 0-day vulnerabilities in Microsoft products, including a bug in the Windows AppX Installer that uses Emotet malware to spread. Microsoft patched 67 vulnerabilities in its products this month, seven of which are classified as critical and 60 are classified as important. Separately, Microsoft… Continue reading Microsoft patches Windows AppX Installer vulnerability that spreads Emotet malware

Vulnerability in Apple iCloud puts billion users at risk

Security of over a billion iPhone owners and users of popular instant messengers is at risk due to a vulnerability in Apple iCloud. As the Forbes reports, private messages sent via iMessage and WhatsApp on iPhone are not secure when using factory settings. While encrypted apps like iMessage and WhatsApp keep messages on the device… Continue reading Vulnerability in Apple iCloud puts billion users at risk

Clop ransomware exploits vulnerability in SolarWinds Serv-U

The NCC Group warns of a spike of Clop ransomware attacks (hack group also known as TA505 and FIN11), which exploits a vulnerability in SolarWinds Serv-U. Most of them start off by exploiting the CVE-2021-35211 bug in Serv-U Managed File Transfer and Serv-U Secure FTP. This issue allows a remote attacker to execute commands with… Continue reading Clop ransomware exploits vulnerability in SolarWinds Serv-U

NUCLEUS: 13 Problems Threat to Medical Devices, Automobiles and Industrial Systems

Forescout and Medigate Labs issued a report on NUCLEUS:13 problems – A Set of 13 vulnerabilities which affect Siemens Software Library that is widely used in medical devices, automotive and industrial systems. NUCLEAUS:13 affects Nucleus NET, the TCP/IP stack that is part of Siemens’ RTOS Nucleus. Typically, Nucleus runs on SoCs in medical devices, cars,… Continue reading NUCLEUS: 13 Problems Threat to Medical Devices, Automobiles and Industrial Systems