Axis Communications AB, a Swedish manufacturer of network cameras for physical security and video surveillance, has patched seven security flaws across nearly 400 security camera models.
What a horrible year in security for Intel. First we had the Meltdown and Spectre vulnerabilities that never seem to go away. Now Intel has announced a new speculative execution side channel vulnerability involving "Lazy FP state restore" that could allow a malicious program to read data being used by other processes.
Microsoft has released the criteria used to determine whether a reported and confirmed vulnerability is resolved through a security update or in the next version of Windows. These criteria were released in order to provide insight into the decision making progress and to receive feed back from security researchers.
Microsoft has patched a vulnerability in the Cortana smart assistant that could have allowed an attacker with access to a locked computer to use the smart assistant and access data on the device, execute malicious code, or even change the PC's password to access the device in its entirety.
A bug exists in third-party Mac security programs from Facebook, Google, VirusTotal, and more that allow malware to appear as legitimate programs code-signed by Apple.
F-Secure has fixed a severe vulnerability in its home and enterprise antivirus products that could have allowed an attacker to execute malicious code on the user's machine and take over affected PCs
Security researchers have uncovered vulnerabilities affecting the firmware of Supermicro server products. Discovered by the Eclypsium team, these vulnerabilities affect both older and newer models of Supermicro products, but the vendor is working on addressing the issues.
Chinese firm Foscam has published firmware updates to address three vulnerabilities in multiple models of IP-based cameras. The flaws, when exploited, allow an attacker to take control of vulnerable cameras, and especially those left connected online via a public IP address.
Security researchers have disclosed today details about a critical vulnerability impacting open source coding libraries that handle archived files.
Two months after the Drupal project released a patch for a highly critical security flaw, there are over 115,000 Drupal sites that have failed to install the fix and are now at the mercy of cyber-criminals.
Valve developers have recently patched a severe security flaw that affected all versions of the Steam gaming client released in the past ten years.The vulnerability would have allowed an attacker to execute malicious code on any of Steam's 15 million gaming clients.
A vulnerability exists in the Windows operating system's JScript component that can allow an attacker to execute malicious code on a user's computer.
The developers behind Git and various companies providing Git repository hosting services have pushed out a fix to patch a dangerous vulnerability in the Git source code versioning software.
Oracle plans to drop support for data serialization/deserialization from the main body of the Java language, according to Mark Reinhold, chief architect of the Java platform group at Oracle.
The Z-Wave wireless communications protocol used for some IoT/smart devices is vulnerable to a downgrade attack that can allow a malicious party to intercept and tamper with traffic between smart devices.
A hacker found a way around a previous patch in the Verge cryptocurrency source code and took advantage of the flaw to monopolize mining operations and create Verge coins (XVG) at a rapid pace.
BMW is working on firmware updates for some of its cars after researchers from the Tencent Keen Security Lab have discovered 14 flaws affecting high-profile car models such as BMW i Series, BMW X Series, BMW 3 Series, BMW 5 Series, and BMW 7 Series.
DrayTek, a Taiwan-based manufacturer of broadband CPE (Customer Premises Equipment) such as routers, switches, firewalls, and VPN devices, announced today that hackers are exploiting a zero-day vulnerability to change DNS settings on some of its routers.
A team of nine academics is warning the world about a critical vulnerability in the OpenPGP and S/MIME email encryption tools. The flaw, if exploited, allow an attacker to decrypt sent or received messages, according to the researcher team.