vulnerability

Attackers can bypass authentication on VMware ESXi due to vulnerability

by
Attackers can bypass authentication on VMware ESXi due to vulnerability

VMware has disclosed three critical vulnerabilities in its ESXi hypervisor that could allow attackers to bypass authentication mechanisms. These vulnerabilities, identified as CVE-2024-37085, CVE-2024-37086, and CVE-2024-37087, pose significant risks to organizations utilizing VMware ESXi in their virtualized environments. The vulnerabilities impact the authentication processes within VMware ESXi, potentially enabling unauthorized access to the system. CVE-2024-37085 … Read more

Google’s Project Naptime Targets AI-Powered Vulnerability Research

by
Google’s Project Naptime Targets AI-Powered Vulnerability Research

Google security analysts are working on Project Naptime, a framework that aims to allow large language models (LLMs) to conduct automated vulnerability investigations and malware variant scans. This project, developed by Google’s Project Zero team, seeks to enable LLMs to follow a systematic, hypothesis-driven approach similar to that of human security professionals. Named “Naptime” as … Read more

Attention Google Pixel Users: Immediate Action Required to Secure Device Against Security Vulnerability

by

The Cybersecurity and Infrastructure Security Agency (CISA) is warning Google Pixel phone users to update their devices due to a serious security issue identified as CVE-2024-32896. This vulnerability could potentially allow attackers to access personal information stored on the device. The US government has instructed its employees with Google Pixel phones to update their devices … Read more

Cyble’s Weekly Vulnerability Report: Critical Security Flaws Found in Microsoft, VMware, Veeam, and ASUS Products

by
Cyble’s Weekly Vulnerability Report: Critical Security Flaws Found in Microsoft, VMware, Veeam, and ASUS Products

Last week, Cyble Research & Intelligence Labs (CRIL) analyzed 154 vulnerabilities in their weekly report, which included critical flaws in products from Microsoft, VMware, Veeam, and ASUS. The report highlighted that 126 of these vulnerabilities affected Siemens industrial control systems (ICS) products, posing a risk to critical manufacturing infrastructure. Despite the discovery of approximately 25,000 … Read more

Google Announces Project Naptime for AI-Powered Vulnerability Research

by
Google Announces Project Naptime for AI-Powered Vulnerability Research

Google’s Naptime project aims to improve automated discovery of vulnerabilities using a large language model (LLM). The project focuses on the interaction between an AI agent and a target code base, equipping the agent with specialized tools to mimic the workflow of a vulnerability investigator. Named for allowing humans to “take regular naps” while aiding … Read more

UEFIcanhazbufferoverflow: The Far-reaching Impact of a Vulnerability in Common PC and Server Firmware – Eclypsium | Enhancing Supply Chain Security in Today’s Enterprises

by
UEFIcanhazbufferoverflow: The Far-reaching Impact of a Vulnerability in Common PC and Server Firmware – Eclypsium | Enhancing Supply Chain Security in Today’s Enterprises

Eclypsium’s automated binary analysis system, Automata, has uncovered a significant vulnerability in the Phoenix SecureCore UEFI firmware used on various Intel Core processor families, including AlderLake, CoffeeLake, CometLake, IceLake, JasperLake, KabyLake, MeteorLake, RaptorLake, RocketLake, and TigerLake. This vulnerability, identified as CVE-2024-0762 with a CVSS score of 7.5, involves an unsafe variable in the Trusted Platform … Read more

New vulnerability in Phoenix UEFI firmware puts many Intel chips at risk, echoing worries raised by BlackLotus

by
New vulnerability in Phoenix UEFI firmware puts many Intel chips at risk, echoing worries raised by BlackLotus

A new vulnerability has been discovered in Intel-based devices, including those using the latest Raptor Lake platform, that could allow attackers to gain unauthorized access to PCs through UEFI firmware. The flaw, known as CVE-2024-0762, was identified by cybersecurity firm Eclypsium in the Phoenix SecureCore UEFI firmware on Lenovo ThinkPad X1 Carbon 7th Generation and … Read more

Firmware Vulnerability Impacts Multiple Intel CPU Generations – Critical UEFI Code Execution Flaw Discovered in CPUs from 14th Gen Raptor Lake to 6th Gen Skylake, No Protection from TPM

by
Firmware Vulnerability Impacts Multiple Intel CPU Generations – Critical UEFI Code Execution Flaw Discovered in CPUs from 14th Gen Raptor Lake to 6th Gen Skylake, No Protection from TPM

Cybersecurity firm Eclypsium has uncovered significant security vulnerabilities in the Phoenix SecureCore UEFI firmware used by various Intel CPU and motherboard vendors across different generations. These vulnerabilities, dubbed “UEFIcanhazbufferoverflow,” are due to an insecure call to the UEFI service “GetVariable,” which could lead to a stack buffer overflow and allow malicious code execution. This kind … Read more

High-Risk Overflow Vulnerability Found in Intel Chips Affecting Hundreds of PC Models

by
High-Risk Overflow Vulnerability Found in Intel Chips Affecting Hundreds of PC Models

A recently discovered vulnerability in Intel processors could impact a large number of computers. The vulnerability, known as CVE-2024-0762 or “UEFIcanhazbufferoverflow,” is a buffer overflow issue in Phoenix Technologies’ SecureCore Unified Extensible Firmware Interface (UEFI) firmware. Initially disclosed by the supplier in May, it has now been detailed by Eclypsium researchers after being identified in … Read more

Intel Processor Vulnerability Causes Buffer Overflow Flaw in UEFI, Affecting Hundreds of PCs and Servers

by
Intel Processor Vulnerability Causes Buffer Overflow Flaw in UEFI, Affecting Hundreds of PCs and Servers

A new vulnerability has been discovered in the Phoenix SecureCore UEFI firmware that affects multiple desktop and mobile Intel Core processors. The vulnerability, identified as CVE-2024-0762 with a severity level of 7.5, was first detected on the Lenovo ThinkPad X1 Carbon 7th Gen and SecureCore versions firmware. Known as UEFIcanhazbufferoverflow, this vulnerability has been found … Read more