New Windows/Linux Firmware Attack
Interesting attack based on malicious pre-OS logo images: LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have…
Security
Apple released iOS 17.2 to address a dozen of security flaws
Apple rolled out emergency security updates to backport patches for two actively exploited zero-day flaws to older devices. The company…
Toyota Financial Services discloses a data breach
Toyota Financial Services (TFS) disclosed a data breach, threat actors had access to sensitive personal and financial data. Toyota Financial…
Apache fixed Critical RCE flaw CVE-2023-50164 in Struts 2
The Apache Software Foundation addressed a critical remote code execution vulnerability in the Apache Struts 2 open-source framework. The Apache…
Facebook Enables Messenger End-to-End Encryption by Default
It’s happened. Details here, and tech details here (for messages in transit) and here (for messages in storage) Rollout to…
CISA adds Qlik Sense flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds two Qlik Sense vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S.…
CISA and ENISA signed a Working Arrangement to enhance cooperation
ENISA has signed a Working Arrangement with the US CISA to enhance capacity-building, best practices exchange and awareness. The European…
Researcher discovered a new lock screen bypass bug for Android 14 and 13
Researchers discovered a lock screen bypass bug in Android 14 and 13 that could expose sensitive data in users’ Google…
WordPress 6.4.2 fixed a Remote Code Execution (RCE) flaw
WordPress 6.4.2 addressed a security vulnerability that could be chained with another flaw to achieve remote code execution. WordPress released…
Security Affairs newsletter Round 449 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free…