Vulnerabilities

Discussion related to Vulnerabilities

362 Topics 362 Posts
  • 0 Votes
    1 Posts
    45 Views
    CerberusC

    Microsoft and RiskIQ researchers have identified several campaigns using the recently patched zero-day, reiterating a call for organizations to update affected systems.

    https://threatpost.com/microsoft-mshtml-ryuk-ransomware/174780/

  • 0 Votes
    1 Posts
    59 Views
    CerberusC

    The newly identified bug in a Zoho single sign-on and password management tool has been under active attack since early August.

    https://threatpost.com/cisa-fbi-state-backed-apts-exploit-critical-zoho-bug/174768/

  • 0 Votes
    1 Posts
    58 Views
    CerberusC

    Adobe releases security updates for 59 bugs affecting its core products, including Adobe Acrobat Reader, XMP Toolkit SDK and Photoshop.

    https://threatpost.com/adobe-bugs-acrobat-experience-manager/169467/

  • 0 Votes
    1 Posts
    57 Views
    CerberusC

    Two of IBM’s aging flagship server models, retired in 2020, won’t be patched for a command-injection flaw.

    https://threatpost.com/no-patch-for-ibm-system-x-servers/169491/

  • 0 Votes
    1 Posts
    45 Views
    CerberusC

    Dubbed OMIGOD, a series of vulnerabilities in the Open Management Infrastructure used in Azure on Linux demonstrate hidden security threats, researchers said.

    https://threatpost.com/azure-zero-day-supply-chain/169508/

  • 0 Votes
    1 Posts
    55 Views
    CerberusC

    A driver privilege-escalation bug gives attackers kernel-mode access to millions of PCs used for gaming.

    https://threatpost.com/hp-omen-hub-gamers-cyberattack/169739/

  • 0 Votes
    1 Posts
    55 Views
    CerberusC

    A remote attacker could exploit a critical vulnerability to eavesdrop on live audio & video or take control. The bug is in ThroughTek’s Kalay network, used in 83m devices.

    https://threatpost.com/bug-iot-millions-devices-attackers-eavesdrop/168729/

  • 0 Votes
    1 Posts
    43 Views
    CerberusC

    The OS command-injection bug, in the web application firewall (WAF) platform known as FortiWeb, will get a patch this week.

    https://threatpost.com/unpatched-fortinet-bug-firewall-takeovers/168764/

  • 0 Votes
    1 Posts
    48 Views
    CerberusC

    Yaron Kassner, CTO at Silverfort, discusses authentication-bypass bugs in Cisco ASA, F5 Big-IP, IBM QRadar and Palo Alto Networks PAN-OS.

    https://threatpost.com/kerberos-authentication-spoofing/168767/

  • 0 Votes
    1 Posts
    56 Views
    CerberusC

    The once-dominant handset maker BlackBerry is busy squashing BadAlloc bugs in its QNX real-time operating system used in cars and medical devices.

    https://threatpost.com/blackberrys-qnx-devices-attacks/168772/

  • 0 Votes
    1 Posts
    49 Views
    CerberusC

    Security vulnerabilities in the ERP platform could allow attackers to tamper with or sabotage victims’ business-critical processes and to intercept data.

    https://threatpost.com/critical-sage-x3-rce-bug-allows-full-system-takeovers/167612/

  • 0 Votes
    1 Posts
    50 Views
    CerberusC

    Threat actors enlist compromised WordPress websites in campaign targeting macOS users.

    https://threatpost.com/macos-wildpressure-apt/167606/

  • 0 Votes
    1 Posts
    52 Views
    CerberusC

    David “moose” Wolpoff, CTO at Randori, discusses security appliances and VPNs and how attackers only have to “pick one lock” to invade an enterprise through them.

    https://threatpost.com/breaking-into-security-appliances/167584/

  • 0 Votes
    1 Posts
    54 Views
    CerberusC

    The fix doesn’t cover the entire problem nor all affected systems, however, so the company is also offering workarounds and plans to release further remedies at a later date.

    https://threatpost.com/microsoft-emergency-patch-printnightmare/167578/

  • Western Digital Users Face Another RCE

    0 Votes
    1 Posts
    45 Views
    CerberusC

    Say hello to one more zero-day and yet more potential remote data death for those who can’t/won’t upgrade their My Cloud storage devices.

    https://threatpost.com/rce-0-day-western-digital-users/167547/

  • 0 Votes
    1 Posts
    53 Views
    CerberusC

    REvil ransomware gang lowers price for universal decryptor after massive worldwide ransomware push against Kaseya security vulnerability CVE-2021-30116.

    https://threatpost.com/kaseya-patches-zero-day-exploits/167548/

  • 0 Votes
    1 Posts
    53 Views
    CerberusC

    Following a brazen ransomware attack by the REvil cybergang, CISA and FBI offer guidance to victims.

    https://threatpost.com/kaseya-attack-fallout/167541/

  • 0 Votes
    1 Posts
    49 Views
    CerberusC

    Nate Warfield, CTO of Prevailion and former Microsoft security researcher, discusses the many security challenges and failings plaguing this industry.

    https://threatpost.com/healthcare-prey-ransomware-cyberattacks/167525/

  • 0 Votes
    1 Posts
    44 Views
    CerberusC

    The ongoing attacks are targeting cloud services such as Office 365 to steal passwords and password-spray a vast range of targets, including in U.S. and European governments and military.

    https://threatpost.com/kubernetes-brute-force-attacks-russia-apt28/167518/

  • 0 Votes
    1 Posts
    51 Views
    CerberusC

    CERT urges administrators to disable the Windows Print spooler service in Domain Controllers and systems that don’t print, while Microsoft attempts to clarify RCE flaw with a new CVE assignment.

    https://threatpost.com/cisa-mitigation-printnightmare-bug/167515/