The unredacted RCE exploit allows unauthenticated, remote attackers to upload files to the vCenter Server analytics service.

https://threatpost.com/working-exploit-vmware-vcenter-cve-2021-22005/175059/

Ekaterina Kilyusheva, head of the Information Security Analytics Research Group at Positive Technologies, offers a blueprint for locking up the fortress.

https://threatpost.com/securing-network-perimeter/175043/

Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text.

https://threatpost.com/exchange-outlook-autodiscover-bug-spills-100k-email-passwords/175004/

Unauthenticated cyberattackers can also wreak havoc on networking device configurations.

https://threatpost.com/critical-cisco-bugs-wireless-sd-wan/174991/

One of the bugs, which affects macOS as well as older versions of iPhones, could allow an attacker to execute arbitrary code with kernel privileges.

https://threatpost.com/apple-patches-zero-days-attack/174988/

Casey Ellis, founder, CTO and chairman of Bugcrowd, discusses a roadmap for lowering risk from cyberattacks most effectively.

https://threatpost.com/tips-cybersecurity-risk-management/174968/

A high-severity vulnerability could cause system crashes, knocking out sensors, medical equipment and more.

https://threatpost.com/100m-iot-devices-zero-day-bug/174963/

A custom “SparrowDoor” backdoor has allowed the attackers to collect data from targets around the globe.

https://threatpost.com/famoussparrow-spy-hotels-governments/174948/

The issue lies in a parental-control function that’s always enabled by default, even if users don’t configure for child security.

https://threatpost.com/netgear-soho-security-bug-rce/174921/

All a user needs to do is click on an email attachment, and boom – the code is silently executed without the victim knowing. It affects Big Sur and prior versions of macOS.

https://threatpost.com/unpatched-apple-zero-day-code-execution/174915/

VMware urged immediate patching of the max-severity, arbitrary file upload flaw in Analytics service, which affects all appliances running default 6.5, 6.7 and 7.0 installs.

https://threatpost.com/vmware-ransomware-bug-vcenter-server/174901/

The initiative, run by HackerOne, aims to uncover dangerous code repository bugs that end up going viral across the application supply-chain.

https://threatpost.com/tiktok-github-facebook-open-source-bug-bounty/174898/

Misconfigured APIs make any app risky, but when you’re talking about financial apps, you’re talking about handing ne’er-do-wells the power to turn your pockets inside-out.

https://threatpost.com/payment-api-exposes-payment-data/174825/

Cities, states, federal and military agencies should patch the Laserfiche CMS post-haste, said the security researcher whose jaw dropped at 50 sites hosting porn and Viagra spam.

https://threatpost.com/porn-viagra-spams-govt-military-sites/174794/

Microsoft and RiskIQ researchers have identified several campaigns using the recently patched zero-day, reiterating a call for organizations to update affected systems.

https://threatpost.com/microsoft-mshtml-ryuk-ransomware/174780/

The newly identified bug in a Zoho single sign-on and password management tool has been under active attack since early August.

https://threatpost.com/cisa-fbi-state-backed-apts-exploit-critical-zoho-bug/174768/

Adobe releases security updates for 59 bugs affecting its core products, including Adobe Acrobat Reader, XMP Toolkit SDK and Photoshop.

https://threatpost.com/adobe-bugs-acrobat-experience-manager/169467/

Two of IBM’s aging flagship server models, retired in 2020, won’t be patched for a command-injection flaw.

https://threatpost.com/no-patch-for-ibm-system-x-servers/169491/

Dubbed OMIGOD, a series of vulnerabilities in the Open Management Infrastructure used in Azure on Linux demonstrate hidden security threats, researchers said.

https://threatpost.com/azure-zero-day-supply-chain/169508/

A driver privilege-escalation bug gives attackers kernel-mode access to millions of PCs used for gaming.

https://threatpost.com/hp-omen-hub-gamers-cyberattack/169739/