Vulnerabilities

A malicious actor can weaponize the bug to acquire the Azure Data Factory service certificate and access another tenant’s Integration Runtimes Microsoft is reporting that a vulnerability in its Azure Automation service was mitigated in December, following its discovery by a researcher at Orca Security, and that there’s no evidence the vulnerability was exploited by hackers. Had it not been caught and fixed, the critical vulnerability could have allowed someone to cross from one tenant within Azure to another…

Electronic voting machines from a leading vendor used in at least 16 states have software vulnerabilities that leave them susceptible to hacking if unaddressed, the nation's leading cybersecurity agency says in an advisory sent to state election officials.The US Cybersecurity and Infrastructure Agency, or CISA, said there is no evidence the flaws in the Dominion Voting Systems' equipment have been exploited to alter election results. The advisory is based on testing by a prominent computer scientist and expert witness in…

Kate Brumback / Associated Press: CISA says Dominion's voting machines used in at least 16 states have nine vulnerabilities that have not been exploited, and suggests mitigation measures — ATLANTA (AP) — Electronic voting machines from a leading vendor used in at least 16 states have software vulnerabilities that leave … Kate Brumback / Associated Press: CISA says Dominion's voting machines used in at least 16 states have nine vulnerabilities that have not been exploited, and…

Sergiu Gatlan / BleepingComputer: Microsoft researchers find high severity vulnerabilities in mce Systems' framework used by Android apps from carriers including AT&T, Telus, Rogers, and Bell — Microsoft security researchers have found high severity vulnerabilities in a framework used by Android apps from multiple large international mobile service providers. Sergiu Gatlan / BleepingComputer: Microsoft researchers find high severity vulnerabilities in mce Systems' framework used by Android…

Zoom is rolling out a major security update to its videoconferencing platform. The update patches several vulnerabilities including a couple of high-severity issues discovered by security researchers at Google Project Zero.One of the vulnerabilities patched with this update allowed remote code execution. Sending a specially crafted message enabled a malicious actor to trick Zoom users to connect to a middle server without them noticing any anomaly. The attacker could then launch a more sophisticated attack. They could…

If you are using Samsung Galaxy A53 or Galaxy S20 FE, then know your device just got a major security update to fix several vulnerabilities. Here’s how to download it. Samsung Galaxy S20 FE 5G LTE has started getting the May 2022 Android security patch just a week ago. And now, its LTE variant will start getting the latest security update. The May update for the Galaxy S20 FE LTE is already available in several countries across the world for users to download…

Google Chrome on desktop is affected by multiple vulnerabilities that could allow hackers to gain access to sensitive information and bypass security restrictions, the government has warned users through a note released by the Indian Computer Emergency Response Team (CERT-In). The nodal agency for cybersecurity threats has advised Chrome users in the country to update the browser on their systems to avoid security issues. Google had acknowledged the loopholes existed within the Chrome browser and released its…

Microsoft has revealed that it discovered a list of vulnerabilities that could allow bad actors to gain root system rights on Linux systems. Collectively called Nimbuspwn, the vulnerabilities could potentially be leveraged by attackers as a vector for root access by more sophisticated threats including malware and ransomware, the software giant said. The security flaws exist in a system component that is widely available on Linux distributions. Fixes for the reported vulnerabilities have been deployed by the maintainer of…

Apple appears to have ignored macOS Big Sur and macOS Catalina while fixing two zero-day vulnerabilities that it patched in macOS Monterey 12.3.1 last week. The issues were found in Apple's audio and video decoding framework AppleAVD and the Intel graphics driver. Separately, Apple has released the first public beta of macOS Monterey 12.4 just a day after providing the update to developers. Exact details on when the new macOS release will be available to users publicly are yet to be revealed, though.Security software…