Ubuntu and some other Linux distributions suffer from a severe privilege escalation vulnerability that could allow a local attacker or a malicious program to obtain root privileges and total control over the targeted system.

It's not just your processor and operating system that are affected by the Meltdown and Spectre memory vulnerabilities -- your graphics card is, too. To that end, NVIDIA has detailed how its GPUs are affected by the speculative execution attacks and has started releasing updated drivers that tackle the issue. All its GeForce, Quadro, NVS, Tesla and GRID chips appear to be safe from Meltdown (aka variant 3 of the attacks), but are definitely susceptible to at least one version of Spectre (variant 1) and "potentially affected" by the other (variant 2). The new software mitigates the first Spectre flaw, but NVIDIA is promising future mitigations as well as eventual updates to address the second.

Researchers from security firm Duo Labs analysed over 73,000 Macs systems and discovered that a surprising number of Apple Mac computers either fails to install patches for EFI firmware vulnerabilities or doesn't receive any update at all.

Symantec on Wednesday revealed a new campaign of attacks by a group it is calling Dragonfly 2.0, which it says targeted dozens of energy companies in the spring and summer of this year. In more than 20 cases, Symantec says the hackers successfully gained access to the target companies’ networks

A team of security researchers from China's Zhejiang University have discovered a clever way of activating your voice recognition systems without speaking a word by exploiting a security vulnerability that is apparently common across all major voice assistants.

Dubbed **DolphinAttack**, the attack technique works by feeding the AI assistants commands in ultrasonic frequencies, which are too high for humans to hear but are perfectly audible to the microphones on your smart devices.

If your PC has been infected by WannaCry – the ransomware that wreaked havoc across the world last Friday – you might be lucky to get your locked files back without paying the ransom of $300 to the cyber criminals.

This command injection flaw exposes the Ubiquiti admin interface to a number of risky attacks, SEC Consult said. For example, an attacker could connect to a vulnerable device by opening a port binding or reverse shell, and also change the password because the service runs as root. “The vulnerability can be exploited by luring an attacked user to click on a crafted link or just surf on a malicious website,” SEC Consult said in its advisory. “The whole attack can be performed via a single GET-request and is very simple since there is no CSRF protection.”

A team of security researchers from Cybellum, an Israeli zero-day prevention firm, has discovered a new Windows vulnerability that could allow hackers to take full control of your computer. Dubbed DoubleAgent, the new injecting code technique works on all versions of Microsoft Windows operating systems, starting from Windows XP to the latest release of Windows 10. What's worse? DoubleAgent exploits a 15-years-old undocumented legitimate feature of Windows called "Application Verifier," which cannot be patched.

Are you running a MongoDB or know someone that is?  It may be time to make sure it's patched and configured correctly. Last Monday a security researcher identified nearly 200 instances of MongoDB installations that have been erased and held for ransom, asking victims to pay hefty ransoms for the data to be restored. By Tuesday, this number reached approximately 2,000 databases and by Friday this count reached 10,500.

A must read if you own a D-Link router or webcam as they are under fire from the Federal Trade Commission for not doing enough to secure its products, including connected home devices —a threat Apple has countered via secure authentication chips in HomeKit-certified hardware

There are claims by two anonymous researchers in which they found a way to bypass the activation lock feature in iOS. I have not personally tried this yet, but plan to and will report back at that time. However, it's important to know in the meantime. 

Their attack focuses on buffer overload. One of the few things allowed from the activation lock screen is connecting to a Wi-Fi network. It's said that by crashing the service that enforces the lock screen by entering very long strings of characters in the WPA2-Enterprise username and password fields and in time freezing. He then proceeded to use an Apple smart cover to put the device to sleep and reopen after a few seconds later the Wifi screen crashes to the home screen bypassing the activation lock.