SafeBreach security researcher Alon Leviev discovered a Windows Update downgrade attack that can “unpatch” fully-updated Windows 10, Windows 11, and Windows Server systems to reintroduce old vulnerabilities […]
McLaren hospitals disruption linked to INC ransomware attack
On Tuesday, IT and phone systems at McLaren Health Care hospitals were disrupted following an attack linked to the INC Ransom ransomware operation. […]
Over 40,000 Internet-Exposed ICS Devices Found in US: Censys
Censys has found more than 40,000 internet-exposed ICS devices in the US, and notifying owners is in many cases impossible.
The post Over 40,000 Internet-Exposed ICS Devices Found in US: Censys appeared first on SecurityWeek.
UK IT provider faces $7.7 million fine for 2022 ransomware breach
The UK’s Information Commissioner’s Office (ICO) has announced a provisional decision to impose a fine of £6.09M ($7.74 million) on Advanced Computer Software Group Ltd (Advanced) for its failure to protect the personal information of tens of thousands when it was hit by ransomware in 2022. […]
GhostWrite Vulnerability Facilitates Attacks on Devices With RISC-V CPU
Researchers disclose the details of GhostWrite, a RISC-V CPU vulnerability that can be exploited to gain full access to targeted devices.
The post GhostWrite Vulnerability Facilitates Attacks on Devices With RISC-V CPU appeared first on SecurityWeek.
macOS Sequoia brings better Gatekeeper, stalkerware protections
Apple’s macOS Sequoia, now in beta testing, will make it harder to bypass Gatekeeper warnings and add system alerts for potential stalkerware threats. […]
Critical Progress WhatsUp RCE flaw now under active exploitation
Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks. […]
Researcher Sounds Alarm on Windows Update Flaws Allowing Undetectable Downgrade Attacks
Researcher showcases hack against Microsoft Windows Update architecture, turning fixed vulnerabilities into zero-days.
The post Researcher Sounds Alarm on Windows Update Flaws Allowing Undetectable Downgrade Attacks appeared first on SecurityWeek.
Implement MFA or Risk Non-Compliance With GDPR
The UK Information Commissioner’s Office announced its intention to fine Advanced Computer Software Group £6.09 million.
The post Implement MFA or Risk Non-Compliance With GDPR appeared first on SecurityWeek.
New Linux Kernel Exploit Technique ‘SLUBStick’ Discovered by Researchers
Cybersecurity researchers have shed light on a novel Linux kernel exploitation technique dubbed SLUBStick that could be exploited to elevate a limited heap vulnerability to an arbitrary memory read-and-write primitive.
“Initially, it exploits a timing side-channel of the allocator to perform a cross-cache attack reliably,” a group of academics from the Graz University of Technology said [PDF]. “
“Initially, it exploits a timing side-channel of the allocator to perform a cross-cache attack reliably,” a group of academics from the Graz University of Technology said [PDF]. “