A Flaw in Windows Update Opens the Door to Zombie Exploits

A researcher found a vulnerability that would let hackers strategically downgrade a target’s Windows version to reexpose patched vulnerabilities. Microsoft is working on fixes for the issue.

Security Latest – ​Read More

Over 40,000 Internet-Exposed ICS Devices Found in US: Censys

Censys has found more than 40,000 internet-exposed ICS devices in the US, and notifying owners is in many cases impossible.

The post Over 40,000 Internet-Exposed ICS Devices Found in US: Censys appeared first on SecurityWeek.

SecurityWeek – ​Read More

GhostWrite Vulnerability Facilitates Attacks on Devices With RISC-V CPU

Researchers disclose the details of GhostWrite, a RISC-V CPU vulnerability that can be exploited to gain full access to targeted devices.

The post GhostWrite Vulnerability Facilitates Attacks on Devices With RISC-V CPU appeared first on SecurityWeek.

SecurityWeek – ​Read More

Critical Solar Power Grid Vulnerabilities Risk Global Blackouts

Cybersecurity firm Bitdefender reveals critical vulnerabilities in solar power management platforms, putting 20% of global solar production at…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

Report: Email Attacks Skyrocket 293%

According to Acronis, ransomware remains a top threat for SMBs, especially in critical sectors like government and healthcare, where 10 new ransomware groups conducted 84 cyberattacks globally in Q1 2024.

Cyware News – Latest Cyber News – ​Read More

Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords

Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim’s web browser and steal sensitive information from their account under specific circumstances.
“When a victim views a malicious email in Roundcube sent by an attacker, the attacker can execute arbitrary JavaScript in the victim’s

The Hacker News – ​Read More

Researcher Sounds Alarm on Windows Update Flaws Allowing Undetectable Downgrade Attacks

Researcher showcases hack against Microsoft Windows Update architecture, turning fixed vulnerabilities into zero-days.

The post Researcher Sounds Alarm on Windows Update Flaws Allowing Undetectable Downgrade Attacks appeared first on SecurityWeek.

SecurityWeek – ​Read More

Implement MFA or Risk Non-Compliance With GDPR

The UK Information Commissioner’s Office announced its intention to fine Advanced Computer Software Group £6.09 million.

The post Implement MFA or Risk Non-Compliance With GDPR appeared first on SecurityWeek.

SecurityWeek – ​Read More

Federal Watchdog Urges EPA to Develop Comprehensive Cyber Strategy to Protect Water Systems

The U.S. Government Accountability Office is urging the Environmental Protection Agency (EPA) to develop a comprehensive strategy to protect the nation’s drinking and wastewater systems from cyber threats.

Cyware News – Latest Cyber News – ​Read More

New Linux Kernel Exploit Technique ‘SLUBStick’ Discovered by Researchers

Cybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be exploited to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive.
“Initially, it exploits a timing side-channel of the allocator to perform a cross-cache attack reliably,” a group of academics from the Graz University of Technology said [PDF]. ”

The Hacker News – ​Read More