Chipmakers Intel and AMD this week released patches for multiple security vulnerabilities in a wide range of product lines, including fixes for a series of high-risk issues in software drivers. AMD published three bulletins this week documenting at least 27 security problems in the AMD Graphics Driver for Windows 10. Exploitation of these flaws could ..
The NSA and the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released the first in a series of guidance documents for securing 5G cloud infrastructure. The guidance comes from the Enduring Security Framework (ESF), a public-private partnership between the NSA, CISA, the Defense Department, the intelligence community, as well as IT, communications, and ..
Technology giants Intel Corp. and VMWare joined the Patch Tuesday parade this week, rolling out fixes for security defects that expose users to malicious hacker attacks. Intel released two advisories to fix privilege escalation and information disclosure vulnerabilities in the SGX software development kit and Hardware Accelerated Execution Manager (HAXM) software products. The more serious ..
A threat group is distributing the little-known Sarwent Trojan via a fake website that impersonates Amnesty International and claims to deliver protection against the Pegasus mobile malware. According to security researchers at Cisco Talos, the attack targets individuals who believe they might have been targeted by the NSO Group’s Pegasus spyware and might be associated with ..
Endpoint security platform Kolide on Thursday announced that it has raised $17 million in Series B funding, for a total of $27 million raised to date. The funding round was led by Boston-based venture capital OpenView Partners. Matrix Partners, who led Kolide’s Series A, also invested in the new round. Kolide sells a Security-as-a-Service (SaaS) ..
A critical vulnerability in the official Facebook for WordPress plugin could be abused to upload arbitrary files, essentially leading to remote code execution, according to a warning from security researchers at Wordfence. Formerly known as Official Facebook Pixel, the Facebook for WordPress plugin is used on more than 500,000 sites, allowing administrators to capture actions ..
A design flaw discovered in the architecture of 5G network slicing can allow malicious actors to access potentially sensitive data and launch denial-of-service (DoS) attacks, mobile network security company AdaptiveMobile Security warned this week. 5G network slicing enables operators to provide different amounts of resources to different types of traffic — based on their needs ..
Facebook’s threat intelligence team says it has disrupted a sophisticated Chinese spying team that routinely use iPhone and Android malware to hit journalists, dissidents and activists around the world. The hacking group, known to malware hunters as Evil Eye, has used Facebook to plant links to watering hole websites rigged with exploits for the two ..
Social media and advertising giant Facebook today announced that it is now allowing mobile users to secure their accounts with the help of security keys. Available for Facebook’s desktop users since 2017, the authentication method requires that the user confirm authentication requests with the help of a physical security key. This additional authentication step is ..
Apple on Thursday published the latest edition of its Platform Security Guide, which provides detailed technical information on the security technologies and features implemented in its products. Apple started releasing security guides for its iOS operating system in 2015 and since 2019 has been publishing platform security guides that encompass information on iOS, macOS and ..