root
-
WARNING: Expiring Root Certificate May Disable Firefox Add-Ons, Security Features, and DRM Playback
Browser maker Mozilla is urging users to update their Firefox instances to the latest version to avoid facing issues with using add-ons due to the impending expiration of a root certificate. “On March 14, 2025, a root certificate used to verify signed content and add-ons for various Mozilla projects, including Firefox, will expire,” Mozilla said.…
-
Stretched Agency Must Balance HIPAA Enforcement With Policing DEI in Healthcare
HHS investigators charged with protecting the civil rights and privacy of patients are now assigned to finding and stamping out diversity, equity and inclusion programs at universities and hospitals, with DEI now deemed discriminatory under the Trump administration.
-
The CVE Program is pleased to announce that the Red Hat Root has now established a “CVE Numbering Authority of Last Resort (CNA-LR)” to assign CVE Identifiers (CVE IDs) and to publish corresponding CVE Records for vulnerabilities in software developed by a CNA within the Red Hat Root hierarchy. As a Root, “Red Hat’s scope…
-
A critical zero-day vulnerability in Parallels Desktop virtualization software has been publicly disclosed after seven months of unresolved reporting, enabling attackers to escalate privileges to the root level on macOS systems. The proof-of-concept (PoC) exploit code demonstrates two distinct bypass methods that circumvent existing patches for CVE-2024-34331, a previously addressed privilege escalation flaw. Technical Overview…
-
2024 will be remembered as the year cybersecurity became everyone’s business. From hospital patient records to critical infrastructure, breaches exposed a harsh truth: modern cyber defenses can crumble with a single misconfigured setting, unpatched vulnerability, or third-party oversight. This was the year that proved cybersecurity isn’t just an IT checklist, it’s an organizational survival skill.
-
Legit Security announced new root cause remediation capabilities, allowing teams to address multiple software vulnerabilities with one practical step. By pinpointing the choke points where remediation actions can address multiple issues at once, security teams accelerate risk reduction and reduce the burden on developers. “Our newest capabilities expand our customers’ ability to execute the most…
-
Get details on Legit’s new capabilities that allow teams to quickly fix what matters most. Finding issues isn’t the problem. Enterprise security teams face a daily flood of application security findings. Often, many of these vulnerabilities stem from a singular weakness or misconfiguration point, yet they’re still typically triaged and remediated individually. This makes remediating vulnerabilities at scale hard, even with all…
-
Threat actors are always on the hunt for root shells, their golden ticket to anonymous malware deployment and other shady activities. In this blog, we dive into a security nightmare: the staggering number of pre-hacked devices with open root shells readily available on Censys. Think of it as a buffet for hackers — no exploitation needed, just…
-
Have you ever encountered an app that blocks screenshots due to security policies? While these restrictions are meant to protect sensitive information, they can be inconvenient when you need to save a screen for reference. The good news is that you can bypass screenshot restrictions in apps without rooting your device. In this guide, we…
-
SHARP has issued an urgent security advisory regarding multiple vulnerabilities discovered in several of its router products. Customers using the affected devices are strongly urged to update their firmware immediately to secure their networks against potential attacks. Below is a detailed overview of the vulnerabilities, the affected products, and the recommended actions. SHARP has outlined…
-
The Data Retention Challenge One of the most significant challenges under NIS2 is the responsibility to retain log and telemetry data for extended periods, ensuring root cause investigations can be performed following cybersecurity incidents.
-
A newly discovered vulnerability in the TP-Link Archer AXE75 router, tracked as CVE-2024-53375, could allow remote attackers to execute arbitrary commands on vulnerable devices. This critical flaw, identified by security researcher Thanatos, affects the HomeShield functionality of the router and has been confirmed to be exploitable on firmware version 1.2.2 Build 20240827.
-
Popular FTP server ProFTPD has been found to contain a critical security flaw that could allow attackers to gain root access to vulnerable systems. The vulnerability, tracked as CVE-2024-48651 (CVSS 7.5), exists in the mod_sql component of ProFTPD versions 1.3.8b and earlier.
-
A security researcher uncovered a critical macOS vulnerability involving privilege escalation in Apple’s MallocStackLogging framework, which had gone undetected for nearly 20 years. The bug, tracked as CVE-2023-32428, was discovered in March 2023 and subsequently patched by Apple in October.
-
Security researcher Gergely Kalman has detailed a high-severity vulnerability in Apple’s MallocStackLogging framework that could allow attackers to gain local privilege escalation (LPE) on macOS systems. The flaw, designated CVE-2023-32428 with a CVSS score of 7.8, demonstrates how seemingly helpful developer tools can be manipulated to bypass security measures and compromise high-privilege operations.
-
Researchers from Qualys recently revealed critical vulnerabilities in the Linux utility needrestart. This tool is an indispensable resource for administrators as it monitors whether systems or services need restarting after package updates.
-
Multiple decade-old Local Privilege Escalation (LPE) vulnerabilities discovered within the needrestart component installed by default in Ubuntu Server might allow a local attacker to achieve root access.