Vulnerabilities

CERT-In has highlighted several critical vulnerabilities predominantly affect Android devices operating on older versions like 11, 12, 12L, and 13, and said that the devices are highly critical and susceptible to DoS attacks and getting hacked…

CERT-In — or Indian Computer Emergency Response Team — has warned of several security vulnerabilities affecting multiple versions of Android. These security flaws, if exploited by a malicious user, could be used to execute dangerous code, collect sensitive data, and launch a denial-of-service (DoS) attack on a victim. The security vulnerabilities affect three major versions of Android, across various parts of Google's operating system (OS) — from the framework to components from Arm, MediaTek, Qualcomm, Unisoc, and…

iPhone and iPad owners should update their devices to the latest available versions of iOS and iPadOS, especially older models that were not eligible to receive the latest version of iOS, according to CERT-In — or Indian Computer Emergency Response Team. The nodal security agency tasked with handling cybersecurity threats in the country recently issued a vulnerability note that warns of security flaws affecting some models running on iOS 16.7 or iPadOS 16.7 and older versions and asks users to update their devices.In its…

On March 20th, 2023, OpenAI took down the popular generative AI tool ChatGPT for a few hours. It later admitted that the reason for the outage was a software supply chain vulnerability that originated in the open-source in-memory data store library 'Redis.'   As a result of this vulnerability, there was a time window (between 1-10 am PST on March 20) where users could accidentally access other users' chat history titles and possibly expose payment-related information such as names, email addresses, payment addresses,…

INL intern, Jake Guidry, is using the AcCCS system to interface with an electric vehicle through the CCS charge port to evaluate the cybersecurity posture of the charging communication protocols. Credit: Idaho National Laboratory Idaho National Laboratory intern Jake Guidry has developed a cybersecurity research tool that could improve the security of electric vehicle charging.…

Explore blockchain’s capabilities and weaknesses in safeguarding your assets. Blockchain technology has emerged as a revolutionary concept in recent years, promising enhanced security and transparency in various industries. It has gained significant attention for its potential to transform traditional systems and processes. However, while blockchain offers numerous advantages, it is essential to recognize that it is not a remedy for all cyber-attacks. In this article, we will explore the concept of blockchain technology,…

Microsoft has patched as many as four vulnerabilities in its Office suite that includes Word, Excel, PowerPoint, Outlook as well as Office Web, Check Point Research said on Tuesday. These vulnerabilities could allow an attacker to impact users through malicious Office documents. The cybersecurity firm identified the security loopholes using an automated software technique called “fuzzing” and reported them to Microsoft in February. While three of the vulnerabilities were fixed last month, the company was able to patch the…

Israeli digital surveillance for hire giant NSO Group reportedly deployed at least three newattacks last year targeting human rights workers and other members of civil society spread out around the world using Apple devices. All of those “zero-click” exploits, according to new research from The Citizen Lab, could tap NSO into a victim’s device without them ever having to click a dirty link or any interaction by the target. Though the new attacks highlight NSO’s continued effort to crack Apple products, there is a silver…

OpenAI will start paying people as much as $20,000 to help the company find bugs in its artificial intelligence systems, such as the massively popular ChatGPT chatbot.The AI company wrote in a blog post on Tuesday that it has rolled out a bug bounty program through which people can report weaknesses, bugs or security problems they find while using its AI products. Such programs, which are common in the tech industry, entail companies paying users for reporting bugs or other security flaws. OpenAI said it's rolling it out…

Today Apple has released iOS 16.4.1 and iPadOS 16.4.1 to the public, and your iPhone or iPad may have already notified you about the availability, as Apple pushes such updates to everyone at the same time. You should probably install the update as soon as possible, as it comes with fixes for a couple of actively exploited vulnerabilities. The IOSurfaceAccelerator vulnerability allowed an app to execute arbitrary code with kernel privileges, while the WebKit vulnerability could let maliciously crafted web content to…