8 matches found
768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023
As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year. Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck...
Researchers Uncover Vulnerabilities in Solarman and Deye Solar Systems
Cybersecurity researchers have identified a number of security shortcomings in photovoltaic system management platforms operated by Chinese companies Solarman and Deye that could enable malicious actors to cause disruption and power blackouts. "If exploited, these vulnerabilities could allow an...
Researchers Uncover Wiretapping of XMPP-Based Instant Messaging Service
New findings have shed light on what's said to be a lawful attempt to covertly intercept traffic originating from jabber.ru aka xmpp.ru, an XMPP-based instant messaging service, via servers hosted on Hetzner and Linode a subsidiary of Akamai in Germany. "The attacker has issued several new TLS...
Unpatched ShareIT Android App Flaw Could Let Hackers Inject Malware
Multiple unpatched vulnerabilities have been discovered in SHAREit, a popular app with over one billion downloads, that could be abused to leak a user's sensitive data, execute arbitrary code, and possibly lead to remote code execution. The findings come from cybersecurity firm Trend Micro's...
This Retail Website Considers Password Security Optional
Most gaping security holes are terrible mistakes. But for one major Hong Kong-based online retailer called Strawberrynet, its security shortcomings are a feature. Like many ecommerce sites, registered users have an option for express checkout. What makes beauty-products website Strawberrynet uniq...
Black Hat 2014: Multipath TCP Introduces Security Blind Spot
If multipath TCP is the next big thing to bring resilience and efficiency to networking, then there are some serious security issues to address before it goes mainstream. MPTCP is an extension to the Internet’s primary communication protocol. It allows a TCP session to move over multiple...
Study: Three Of Four Energy Firms Had Data Breach In Last Year
Three quarters of global energy corporations have suffered one or more data breaches in the last 12 months, according to a new survey by The Ponemon Institute, which finds evidence of widespread shortcomings in the energy and utilities vertical. The report, “The State of IT Security: Study of...
'SMS of Death' Attacks Can Crash the Simplest of Phones
Malicious text messages can crash many types of mobile phones, including devices by Samsung, Sony Ericsson, Motorola and LG, according to a presentation given at the Chaos Communication Congress hacking conference this week in Berlin. Nicknamed ‘SMS of Death,’ the attacks were outlined by Collin...