
Vulnerabilities

Discussion related to Vulnerabilities

362 Topics 362 Posts
  • 0 Votes
    1 Posts
    42 Views
    CerberusC

    Microsoft researchers discovered the firmware flaws in the DGN-2200v1 series router that can enable authentication bypass to take over devices and access stored credentials.

    https://threatpost.com/netgear-authentication-bypass-router-takeover/167469/

  • 0 Votes
    1 Posts
    42 Views
    CerberusC

    The self-propagating malware’s attack chain is complex, using former NSA cyberweapons, and ultimately drops cryptominers on targeted machines.

    https://threatpost.com/indexsinas-smb-worm-enterprises/167455/

  • 0 Votes
    1 Posts
    51 Views
    CerberusC

    The “PrintNightmare” bug may not be fully patched, some experts are warning, leaving the door open for widespread remote code-execution attacks.

    https://threatpost.com/poc-exploit-windows-print-spooler-bug/167430/

  • Zero-Day Used to Wipe My Book Live Devices

    0 Votes
    1 Posts
    48 Views
    CerberusC

    Threat actors may have been duking it out for control of the compromised devices, first using a 2018 RCE, then password-protecting a new vulnerability.

    https://threatpost.com/zero-day-wipe-my-book-live/167422/

  • Why MTTR is Bad for SecOps

    0 Votes
    1 Posts
    34 Views
    CerberusC

    Kerry Matre, senior director at Mandiant, discusses the appropriate metrics to use to measure SOC and analyst performance, and how MTTR leads to bad behavior.

    https://threatpost.com/mttr-bad-secops/167440/

  • 0 Votes
    1 Posts
    61 Views
    CerberusC

    The bug in Edge’s auto-translate could have let remote attackers pull off RCE on any foreign-language website just by sending a message with an XSS payload.

    https://threatpost.com/microsoft-edge-browser-uxss-attacks/167389/

  • 0 Votes
    1 Posts
    71 Views
    CerberusC

    Disclosure of a bug in Adobe’s content-management solution – used by Mastercard, LinkedIn and PlayStation – was released.

    https://threatpost.com/rce-bug-in-adobe-revealed/167382/

  • 0 Votes
    1 Posts
    73 Views
    CerberusC

    A vulnerability in NVIDIA’s GeForce Experience software opens the door to remote data access, manipulation and deletion.

    https://threatpost.com/nvidia-high-severity-geforce-spoof-bug/167345/

  • 0 Votes
    1 Posts
    121 Views
    CerberusC

    “I am totally screwed,” one user wailed after finding years of data nuked. Western Digital advised yanking the NAS storage devices offline ASAP: There’s an exploit.

    https://threatpost.com/my-book-live-wiped-rce-attacks/167270/

  • 0 Votes
    1 Posts
    86 Views
    CerberusC

    In-the-wild XSS attacks have commenced against the security appliance (CVE-2020-3580), as researchers publish exploit code on Twitter.

    https://threatpost.com/cisco-asa-bug-exploited-poc/167274/

  • 0 Votes
    1 Posts
    82 Views
    CerberusC

    The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting them attack anything from PoS to industrial control systems.

    https://threatpost.com/vmware-carbon-black-authentication-bypass/167226/

  • 0 Votes
    1 Posts
    77 Views
    CerberusC

    Four separate security bugs would give attackers almost complete control and persistence over targeted devices, thanks to a faulty update mechanism.

    https://threatpost.com/dell-bios-attacks-rce/167195/

  • 0 Votes
    1 Posts
    85 Views
    CerberusC

    A supply-chain attack could have siphoned sensitive information out of Jira, such as security issues on Atlassian cloud, Bitbucket and on-prem products.

    https://threatpost.com/atlassian-bugs-could-have-led-to-1-click-takeover/167203/

  • 0 Votes
    1 Posts
    135 Views
    CerberusC

    Remote, unauthenticated cyberattackers can infiltrate and take over the Cortex XSOAR platform, which anchors unified threat intelligence and incident responses.

    https://threatpost.com/critical-palo-alto-bug-remote-war-room/167169/

  • 0 Votes
    1 Posts
    95 Views
    CerberusC

    A year-old proof-of-concept attack that allows an attacker to bypass TLS email protections to snoop on messages has been patched.

    https://threatpost.com/email-bug-message-snooping-credential-theft/167125/

  • 0 Votes
    1 Posts
    95 Views
    CerberusC

    These code bombs lurk in the PyPI package repository, waiting to be inadvertently baked into software developers’ applications.

    https://threatpost.com/cryptominers-python-supply-chain/167135/

  • 0 Votes
    1 Posts
    91 Views
    CerberusC

    Company finally rolls out the complete fix this week for an RCE flaw affecting some 800,000 devices that could result in crashes or prevent users from connecting to corporate resources.

    https://threatpost.com/sonicwall-botches-critical-vpn-bug/167152/

  • 0 Votes
    1 Posts
    111 Views
    CerberusC

    A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts – with no patches in sight.

    https://threatpost.com/unpatched-linux-marketplace-bugs-rce/167155/

  • 0 Votes
    1 Posts
    153 Views
    CerberusC

    An attacker with initial physical access (say, at a gym) could gain root entry to the interactive tablet, making for a bevy of remote attack scenarios.

    https://threatpost.com/peloton-bike-bug-hackers-control/166960/

  • 0 Votes
    1 Posts
    122 Views
    CerberusC

    Hank Schless, senior manager of security solutions at Lookout, notes basic steps that organizations can take to protect themselves as ransomware gangs get smarter.

    https://threatpost.com/takeaways-colonial-pipeline-ransomware/166980/