Latest News

2021/06/10

Intel Plugs 29 Holes in CPUs, Bluetooth, Security

Intel has unleashed 29 security advisories to plug up some serious bugs in the BIOS firmware for Intel processors, as well as in its Bluetooth products, Active Management Technology tools, the NUC Mini PC line, and, ironically, in its own security library.

Details about the advisories can be found at Intel’s Product Security Center.

Intel’s senior director of communications, Jerry Bryant, said in a blog post on Wednesday that Intel’s mostly digging these security issues up internally – as in, 95 percent – through its own diligence, with big chunks of them coming through its bugs bounty program and the company’s own research.
2021/05/26

Critical RCE Vulnerability Found in VMware vCenter Server — Patch Now!

VMware has rolled out patches to address a critical security vulnerability in vCenter Server that could be leveraged by an adversary to execute arbitrary code on the server.

Tracked as CVE-2021-21985 (CVSS score 9.8), the issue stems from a lack of input validation in the Virtual SAN (vSAN) Health Check plug-in, which is enabled by default in the vCenter Server. "A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server," VMware said in its advisory.
2021/05/26

Apple Patches Zero-Day Flaw in MacOS that Allows for Sneaky Screenshots

Apple has patched a critical bug in macOS that could be exploited to take screenshots of someone’s computer and capture images of their activity within applications or on video conferences without that person knowing.

Apple addressed the vulnerability—discovered by researchers at enterprise cybersecurity firm Jamf— in the latest version of macOS, Big Sur 11.4, released on Monday, the company told Forbes, according to a published report.
2021/05/13

Wormable Windows Bug Opens Door to DoS, RCE

Microsoft’s May Patch Tuesday release addressed a modest 55 cybersecurity vulnerabilities, including just four critical bugs. It’s the smallest monthly update from the computing giant since 2020, but it does contain a patch for a concerning wormable vulnerability found in the Windows OS.

The good news is that none of the vulnerabilities are being actively exploited in the wild, according to Microsoft, though three are listed as publicly known.
2021/05/10

Major U.S. Pipeline Crippled in Ransomware Attack

Colonial Pipeline Company says it is the victim of a cyberattack that forced the major provider of liquid fuels to the East Coast to temporarily halted all pipeline operations.

A ransomware attack is being blamed for halting pipeline activities for the Colonial Pipeline Company, which supplies the East Coast with roughly 45 percent of it liquid fuels.

In a statement released Saturday, the Colonial Pipeline Company said it temporarily halted pipeline operations in response to a cyberattack impacting the company on Friday.