Critical VMware Bugs Open ESXi, Fusion & Workstation to Attackers
A group of five security vulnerabilities could lead to a range of bad outcomes for virtual-machine enthusiasts, including command execution and DoS. [...]
Showing only posts tagged vulnerabilities. Show all posts.
SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming
Researchers have never before seen SquirrelWaffle attackers use typosquatting to keep sending spam once a targeted Exchange server has been patched for ProxyLogon/ProxyShell. [...]
Chrome Zero-Day Under Active Attack: Patch ASAP
The year's 1st Chrome zero-day can lead to all sorts of misery, ranging from data corruption to the execution of arbitrary code on vulnerable systems. [...]
Adobe: Zero-Day Magento 2 RCE Bug Under Active Attack
The vendor issued an emergency fix on Sunday, and eCommerce websites should update ASAP to avoid Magecart card-skimming attacks and other problems. [...]
Critical MQTT-Related Bugs Open Industrial Networks to RCE Via Moxa
A collection of five security vulnerabilities with a collective CVSS score of 10 out of 10 threaten critical infrastructure environments that use Moxa MXview. [...]
Apple Patches Actively Exploited WebKit Zero Day
A memory issue affects myriad iPhone, iPad and MacOS devices and allows attackers to execute arbitrary code after processing malicious web content. [...]
SAP Patches Severe ‘ICMAD’ Bugs
SAP’s Patch Tuesday brought fixes for a trio of flaws in the ubiquitous ICM component in internet-exposed apps. One of them, with a risk score of 10, could allow attackers to hijack identities, steal data and more. [...]
PHP Everywhere Bugs Put 30K+ WordPress Sites at Risk of RCE
The plug-in’s default settings spawned flaws that could allow for full site takeover but have since been fixed in an update that users should immediately install, Wordfence researchers said. [...]
No Critical Bugs for Microsoft February 2022 Patch Tuesday, 1 Zero-Day
This batch had zero critical CVEs, which is unheard of. Most (50) of the patches are labeled Important, so don't delay to apply the patches, security experts said. [...]
CISA Orders Federal Agencies to Fix Actively Exploited Windows Bug
Feb. 18 is the deadline to patch a bug that affects all unpatched versions of Windows 10 and requires zero user interaction to exploit. [...]
LockBit, BlackCat, Swissport, Oh My! Ransomware Activity Stays Strong
However, groups are rebranding and recalibrating their profiles and tactics to respond to law enforcement and the security community's focus on stopping ransomware attacks. [...]
QuaDream, 2nd Israeli Spyware Firm, Weaponizes iPhone Bug
The now-patched flaw that led to the ForcedEntry exploit of iPhones was exploited by both NSO Group and a different, newly detailed surveillance vendor. [...]
‘Long Live Log4Shell’: CVE-2021-44228 Not Dead Yet
The ubiquitous Log4j bug will be with us for years. John Hammond, senior security researcher at Huntress, discusses what's next. [...]
Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers
The popular continuous-delivery platform has a path-traversal bug (CVE-2022-24348) that could allow cyberattackers to hop from one application ecosystem to another. [...]
Critical Cisco Bugs Open VPN Routers to Cyberattacks
The company's RV line of small-business routers contains 15 different security vulnerabilities that could enable everything from RCE to corporate network access and denial-of-service – and many have exploits circulating. [...]
Wormhole Crypto Platform: ‘Funds Are Safe’ After $314M Heist
The popular bridge, which connects Ethereum, Solana blockchain & more, was shelled out by it's-not-saying. Wormhole is trying to negotiate with the attacker. [...]
KP Snacks Left with Crumbs After Ransomware Attack
The Conti gang strikes again, disrupting the nom-merchant's supply chain and threatening empty supermarket shelves lasting for weeks. [...]
Supply-Chain Security Is Not a Problem…It’s a Predicament
Despite what security vendors might say, there is no way to comprehensively solve our supply-chain security challenges, posits JupiterOne CISO Sounil Yu. We can only manage them. [...]
Finding Vulnerabilities in Open Source Projects
The Open Source Security Foundation announced $10 million in funding from a pool of tech and financial companies, including $5 million from Microsoft and Google, to find vulnerabilities in open source projects: The “Alpha” side will emphasize vulnerability testing by hand in the most popular open-source projects, developing close …
Thousands of Malicious npm Packages Threaten Web Apps
Attackers increasingly are using malicious JavaScript packages to steal data, engage in cryptojacking and unleash botnets, offering a wide supply-chain attack surface for threat actors. [...]
Unpatched Security Bugs in Medical Wearables Allow Patient Tracking, Data Theft
Rising critical unpatched vulnerabilities and a lack of encryption leave medical device data defenseless, researcher warn. [...]
Samba ‘Fruit’ Bug Allows RCE, Full Root User Access
The issue in the file-sharing and interop platform also affects Red Hat, SUSE Linux and Ubuntu packages. [...]
Public Exploit Released for Windows 10 Bug
The vulnerability affects all unpatched Windows 10 versions following a messy Microsoft January update. [...]
Apple Pays $100.5K Bug Bounty for Mac Webcam Hack
The researcher found that he could gain unauthorized camera access via a shared iCloud document that could also "hack every website you've ever visited." [...]
Twelve-Year-Old Linux Vulnerability Discovered and Patched
It’s a privilege escalation vulnerability : Linux users on Tuesday got a major dose of bad news — a 12-year-old vulnerability in a system tool called Polkit gives attackers unfettered root privileges on machines running most major distributions of the open source operating system. Previously called PolicyKit, Polkit manages system-wide …
« newer articles | page 9 | older articles »