Disclosure of a bug in Adobe’s content-management solution - used by Mastercard, LinkedIn and PlayStation – were released.

https://threatpost.com/rce-bug-in-adobe-revealed/167382/

A vulnerability in NVIDIA’s GeForce Experience software opens the door to remote data access, manipulation and deletion.

https://threatpost.com/nvidia-high-severity-geforce-spoof-bug/167345/

“I am totally screwed,” one user wailed after finding years of data nuked. Western Digital advised yanking the NAS storage devices offline ASAP: There’s an exploit.

https://threatpost.com/my-book-live-wiped-rce-attacks/167270/

In-the-wild XSS attacks have commenced against the security appliance (CVE-2020-3580), as researchers publish exploit code on Twitter.

https://threatpost.com/cisco-asa-bug-exploited-poc/167274/

The 9.4-rated bug in AppC could give attackers admin rights, no authentication required, letting them attack anything from PoS to industrial control systems.

https://threatpost.com/vmware-carbon-black-authentication-bypass/167226/

Four separate security bugs would give attackers almost complete control and persistence over targeted devices, thanks to a faulty update mechanism.

https://threatpost.com/dell-bios-attacks-rce/167195/

A supply-chain attack could have siphoned sensitive information out of Jira, such as security issues on Atlassian cloud, Bitbucket and on-prem products.

https://threatpost.com/atlassian-bugs-could-have-led-to-1-click-takeover/167203/

Remote, unauthenticated cyberattackers can infiltrate and take over the Cortex XSOAR platform, which anchors unified threat intelligence and incident responses.

https://threatpost.com/critical-palo-alto-bug-remote-war-room/167169/

A year-old proof-of-concept attack that allows an attacker to bypass TLS email protections to snoop on messages has been patched.

https://threatpost.com/email-bug-message-snooping-credential-theft/167125/

These code bombs lurk in the PyPI package repository, waiting to be inadvertently baked into software developers’ applications.

https://threatpost.com/cryptominers-python-supply-chain/167135/

Company finally rolls out the complete fix this week for an RCE flaw affecting some 800,000 devices that could result in crashes or prevent users from connecting to corporate resources.

https://threatpost.com/sonicwall-botches-critical-vpn-bug/167152/

A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts – with no patches in sight.

https://threatpost.com/unpatched-linux-marketplace-bugs-rce/167155/

An attacker with initial physical access (say, at a gym) could gain root entry to the interactive tablet, making for a bevy of remote attack scenarios.

https://threatpost.com/peloton-bike-bug-hackers-control/166960/

Hank Schless, senior manager of security solutions at Lookout, notes basic steps that organizations can take to protect themselves as ransomware gangs get smarter.

https://threatpost.com/takeaways-colonial-pipeline-ransomware/166980/

The intro-level networking gear for SMBs could allow remote attacks designed to steal information, drop malware and disrupt operations.

https://threatpost.com/cisco-smart-switches-security-holes/167031/

What’s the low-hanging fruit for ransomware attackers? What steps could help to fend them off, and what’s stopping organizations from implementing those steps?

https://threatpost.com/ransomware-sitting-duck/167040/