In a recent security assessment conducted by Kaspersky experts, significant vulnerabilities were identified in the biometric readers produced by ZKTeco. These devices, widely used in high-security sectors such as nuclear plants, hospitals, and offices, support advanced authentication methods including facial recognition and QR-code scanning. According to Kaspersky, these vulnerabilities pose a serious risk, potentially allowing…
Essential Tips for Writing Secure Code
This article aims to provide tips for writing secure code in Golang. However, these tips are applicable to other programming languages as well. I Don’t Care if My Code is Secure or Not, It Works! Don’t think like this. It’s important to protect your code from attackers. Sometimes writing secure code can be overwhelming but…
Netflix Bug Bounty Program Surpasses $1 Million in Payouts
Since the launch of its bug bounty program in 2016, Netflix has paid out more than $1 million for vulnerabilities discovered in its systems and products. The streaming giant announced on Tuesday that over 5,600 researchers have contributed to the program, submitting nearly 8,000 unique vulnerability reports. Rewards have been distributed for 845 vulnerabilities, with…
CISA Launches Vulnrichment Project to Enhance CVE Records
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has unveiled the “Vulnrichment” initiative, designed to enhance Common Vulnerabilities and Exposures (CVE) records with additional metadata, aiding organizations in prioritizing vulnerability remediation. Hosted on a public GitHub repository, the Vulnrichment project aims to augment CVE records with vital data points, including: CISA utilizes its Stakeholder-Specific Vulnerability…
LiteSpeed Cache Vulnerability Grants Unauthorized WordPress Admin Access
Hackers are exploiting an outdated version of the LiteSpeed Cache plugin to target WordPress websites, establishing administrator accounts and seizing control of the sites. LiteSpeed Cache (LS Cache) is a caching plugin used in over five million WordPress sites, promising faster page loads, enhanced visitor experiences, and improved Google Search rankings. In April, Automattic’s security…
Hosts Vulnerable to Remote Code Execution Due to Critical Tinyproxy Flaw
More than half of the 90,310 hosts with exposed Tinyproxy services are susceptible to CVE-2023-49606, a critical security flaw that threatens remote code execution. This vulnerability, highlighted by Cisco Talos, underscores the urgency for prompt action to safeguard internet infrastructure. Extent of the vulnerability: the flaw, rated 9.8 out of 10 on the CVSS scale, affects…
CISA Warns of Ongoing Exploitation of Serious GitLab Password Reset Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has elevated a critical flaw affecting GitLab to its Known Exploited Vulnerabilities (KEV) catalog due to its ongoing exploitation in live environments. Identified as CVE-2023-7028 (CVSS score: 10.0), this high-severity vulnerability could facilitate unauthorized account access through the manipulation of password reset emails, targeting unverified email addresses…
Critical R Programming Vulnerability Enables Supply Chain Attacks
Exploitable R Programming Language Vulnerability (CVE-2024-27322) Enables Arbitrary Code Execution and Supply Chain Attacks. A critical vulnerability in the R programming language (CVE-2024-27322), reported by AI security firm HiddenLayer, allows arbitrary code execution via malicious RDS files and poses a supply chain threat. Discovered within R’s serialization and deserialization process for RDS (R Data…