All posts tagged: Vulnerabilities

CBSE assures security measures after vulnerabilities detected in OnMark evaluation portal

The Central Board of Secondary Education has said that vulnerabilities identified in the OnMark portal used for on-screen evaluation have been contained. The board stated that it is closely monitoring the system and taking steps to identify and eliminate any remaining security weaknesses.

CBSE acknowledges OnMark portal vulnerabilities, deploys IIT, govt cybersecurity teams amid OSM row

The Central Board of Secondary Education (CBSE) on Sunday said it has intensified efforts to secure its On-Screen Marking (OSM) evaluation system amid the ongoing controversy over the process. The board, in a post on X, said a team of cybersecurity experts from various government agencies and the Indian Institutes of Technology (IIT) has been working over the past few days to strengthen the security of the OnMark portal, which is operated by its service provider. CBSE stated that vulnerabilities flagged in the portal have been successfully contained and that the system is being continuously monitored. The board added that further steps are being taken to identify and eliminate any remaining exploitable weaknesses, ensuring the platform’s overall security and integrity. “We have been closely monitoring the vulnerabilities in the OnMark portal of our service provider that are being flagged in the public domain. An expert team of cybersecurity professionals has been deployed over the last few days from across various arms of the government as well as the IITs to fortify these systems, including taking …

Under Gautam Gambhir’s prowling eyes, Sai Sudharsan battles vulnerabilities ahead of possible Test recall

Long after the groundsmen had unfastened the nets, rolled and tied them up with big white ribbons, and ferried them on their shoulders to their dungeon, and the sweepers had scrubbed the powdery debris off the surface, Sai Sudharsan and Washington Sundar lingered for a session of close-in catching in a distant corner of the ground. Washington crouched low, from first slip, to swoop grass-trimmers with his giant palms; Sai hunkered down, at silly point and then short-leg, to pouch edges ricocheting from an inclined object that resembled wheel chokes. Their teammates — Dhruv Jurel, Akash Deep, Ravindra Jadeja, and Devdutt Padikkal, who had also turned up for the optional practice session on the scheduled fifth day of the Test — had long retreated to the dressing room after nearly three hours of assorted drills. But Washington and Sai, Tamil Nadu pals, wanted to train their reflexes to close-in rigours before travelling to Guwahati on Wednesday. Eventually, the support staff had to coax them out of their reverie. A bevy of medics swarmed Washington for selfies, Sai walked …

‘Bangladesh has two Chicken Necks’: Assam CM Himanta warns Dhaka, exposes its geographical vulnerabilities

In March this year, Chief Adviser Yunus, during his visit to China, had remarked that India’s seven northeastern states, which share a nearly 1,600-km border with Bangladesh, are landlocked and have no way to reach the ocean except through his country. Guwahati: In what came as a chilling warning to Bangladesh, Assam CM Himanta Biswa Sarma reminded Dhaka of its geopolitical vulnerabilities following Muhammad Yunus’ comment on India’s chicken neck. In response to Bangladesh’s recent remark on India’s Siliguri Corridor, also referred to as the Chicken’s Neck, the Assam CM suggested that if Dhaka targets India’s corridor, New Delhi will respond by attacking both the Chicken Necks of Bangladesh. Speaking to reporters, Sarma said, “We have one Chicken’s Neck. But Bangladesh has two chicken necks. If Bangladesh attacks our Chicken’s Neck, we will attack both the Chicken Necks of Bangladesh… the one in Meghalaya connecting Chittagong port in Bangladesh is even thinner than India’s Chicken’s Neck and is located just a stone’s throw away.”  The Assam CM also reminded Bangladesh of India’s military might after …

Google Chrome Security Flaws Could Grant Hackers Unauthorised System Access: CERT-In

Multiple security vulnerabilities detected in Google Chrome for Desktop could put several users at risk, according to an advisory issued by the Indian Computer Emergency Response Team (CERT-In). Google has already patched the security flaws affecting its browser application. The nodal authority for cybersecurity in the country has advised all users and organisations using Google Chrome for Desktop across three platforms to update to the latest version of the browser in order to remain protected from these security flaws.

Hackers Could Persuade Victims to Visit Malicious Websites to Gain System Access

CERT-In provides details of the security flaws affecting Google Chrome in its vulnerability note CIVN-2025-0099 that was published on May 16. It has been assigned a “high” severity rating by the government agency. The flaws affect Google Chrome for Windows, Mac, and Linux computers in versions prior to 136.0.7103.113 (and older than 136.0.7103.114 for Windows computers). The description for the first security flaw (CVE-2025-4664) reveals that an “insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via …

Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day

Microsoft’s Patch Tuesday security update for April included 134 flaws, one of which is an actively exploited zero-day flaw. The security patches for Windows 10 were unavailable when the Windows 11 patches were released. The Windows 10 patches have since arrived, but the delay was unusual. Tyler Reguly, associate director of security R&D at global cybersecurity software and services provider Fortra, suggested in an email to TechRepublic that the two separate releases and a 40-minute delay in the Windows 11 update might point to something unusual behind the scenes.

CVE-2025-29824 has been detected in the wild

The zero-day vulnerability was CVE-2025-29824, an elevation of privilege bug in the Windows Common Log File System (CLFS) Driver. “This vulnerability is significant because it affects a core component of Windows, impacting a wide range of environments, including enterprise systems and critical infrastructure,” Mike Walters, president and co-founder of patch automation company Action, wrote in an email. “If exploited, it allows privilege escalation …

Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’

Microsoft has detected a zero-day vulnerability in the Windows Common Log File System (CLFS) being exploited in the wild to deploy ransomware. Target industries include IT, real estate, finance, software, and retail, with companies based in the US, Spain, Venezuela, and Saudi Arabia. The vulnerability, tracked as CVE-2025-29824 and rated “important,” is present in the CLFS kernel driver. It allows an attacker who already has standard user access to a system to escalate their local privileges. The individual can then use their privileged access for “widespread deployment and detonation of ransomware within an environment,” according to a blog post by the Microsoft Threat Intelligence Center. The CLFS driver is a key element of Windows used to write transaction logs, and its misuse could let an attacker gain SYSTEM privileges. From there, they could steal data or install backdoors. Microsoft often uncovers privilege escalation flaws in CLFS, the last one being patched in December. In instances of CVE-2025-29824 exploitation observed by Microsoft, the so-called “PipeMagic” malware was deployed before the attackers could exploit …

Apple Patches Critical Vulnerabilities in iOS 15 and 16

On Monday, Apple issued critical security updates that retroactively address three actively exploited zero-day vulnerabilities affecting legacy versions of its operating systems.

CVE-2025-24200

The first vulnerability, designated CVE-2025-24200, was patched in iOS 16.7.11, iPadOS 16.7.11, iOS 15.8.4, and iPadOS 15.8.4. CVE-2025-24200 allows a physical attacker to disable USB Restricted Mode on an Apple device. This is a security feature designed to block unauthorised data access through the USB port when the iPhone or iPad is locked for over an hour. Apple said CVE-2025-24200 “may have been exploited in an extremely sophisticated attack against specific targeted individuals,” hinting at potential involvement from state-sponsored actors aiming to surveil high-value targets such as government officials, journalists, or senior business executives. Although initially patched on February 10 in iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5, the vulnerability remained unresolved in older operating systems until now.

CVE-2025-24201

The second flaw, CVE-2025-24201, was also patched in iOS 16.7.11, iPadOS 16.7.11, iOS 15.8.4, and iPadOS 15.8.4. This flaw is …

Google Chrome Update Fixes Zero-Day Security Flaw That Targeted Media, Government and Educational Institutions

Google has fixed a serious security vulnerability affecting its Google Chrome browser that allowed attackers to bypass its security features. The flaw was discovered by Kaspersky’s Global Research and Analysis Team (GReAT), and was reportedly used to target media outlets, educational institutions, and government organisations. Google Chrome users should update their browser in order to remain protected against the vulnerability, and other Chromium-based browsers are also expected to receive an update that resolves the issue in the coming days.

Attackers Sent Personalised Phishing Emails as Part of ‘Operation ForumTroll’

According to details shared by the security firm, an advanced persistent threat (APT) group is suspected to have run a campaign dubbed Operation ForumTroll to take advantage of a zero-day (previously unknown, undetected) vulnerability in Google Chrome for Windows, identified as CVE-2025-2783. The attackers would send personalised phishing emails to persons from media outlets, educational institutions, and government organisations located in Russia. These emails would invite them to join the “Primakov Readings” forum. Kaspersky claims that the links would expire quickly, and would eventually send users to the real forum. …

High-Severity Flaw Lets Hackers Bypass Authentication

If you use VMware Tools for Windows, it is critical to update to the latest version. Broadcom, which acquired VMware for $69 billion in 2023, has issued a patch for a high-severity vulnerability that is actively being exploited by cybercriminals. The vulnerability affects VMware Tools for Windows versions 11.x.x and 12.x.x, but has been patched in version 12.5.1. Broadcom confirmed that no workarounds are available, so affected users should update immediately.

What are the details about this authentication bypass vulnerability?

VMware Tools for Windows is a suite of utilities that enhances the performance and functionality of Windows-based virtual machines running on VMware platforms. It supports functions like display resolution, seamless mouse and keyboard integration, and better time synchronization between host and guest systems. CVE-2025-22230 is classified as an “authentication bypass vulnerability,” according to Broadcom’s security advisory. While technical details remain limited, Broadcom suggests that the flaw results from improper access control mechanisms in some versions of VMware Tools for Windows. “A malicious actor with non-administrative privileges on a Windows guest (virtual …