Hostrisk

The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server.

https://threatpost.com/zoom-patches-zero-click-rce-bug/179727/

2022’s DBIR also highlighted the far-reaching impact of supply-chain breaches and how organizations and their employees are the reasons why incidents occur.

https://threatpost.com/verizon-dbir-report-2022/179725/

Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites.

https://threatpost.com/vulnerability-wordpress-themes-site-takeover/179672/

Researchers say a GitHub proof-of-concept exploitation of recently announced VMware bugs is being abused by hackers in the wild.

https://threatpost.com/vmware-bugs-abused-mirai-log4shell/179652/

Wireless features Bluetooth, NFC and UWB stay on even when the device is powered down, which could allow attackers to execute pre-loaded malware.

https://threatpost.com/iphones-attack-turned-off/179641/

Microsoft researchers say they are tracking a botnet that is leveraging bugs in the Spring Framework and WordPress plugins.

https://threatpost.com/sysrv-k-botnet-targets-windows-linux/179646/

Microsoft’s May Patch Tuesday update is triggering authentication errors.

https://threatpost.com/microsofts-may-patch-tuesday-updates-cause-windows-ad-authentication-errors/179631/

Tony Lauro, director of security technology and strategy at Akamai, discusses reducing your company’s attack surface and the “blast radius” of a potential attack.

https://threatpost.com/cyberattacks-blast-radius/179612/

Dell and HP were among the first to release patches and fixes for the bug.

https://threatpost.com/intel-memory-bug-poses-risk-for-hundreds-of-products/179595/

Why a private college that stayed in business for 157 years had to close after the combo of COVID-19 and ransomware proved too much.

https://threatpost.com/ransomware-deathblow-college/179574/

Microsoft’s May Patch Tuesday roundup also included critical fixes for a number of flaws found in infrastructure present in many enterprise and cloud environments.

https://threatpost.com/microsoft-zero-day-mays-patch-tuesday/179579/

The bug has a severe rating of 9.8, public exploits are released.

https://threatpost.com/exploit-f5-big-ip-bug/179563/

A huge spike in fraudulent activities related to attacks leveraging business email accounts is a billion-dollar-problem.

https://threatpost.com/fbi-bec-43b/179539/

The vulnerability is ‘critical’ with a CVSS severity rating of 9.8 out of 10.

https://threatpost.com/f5-critical-bugbig-ip-systems/179514/

A flaw in all versions of the popular C standard libraries uClibe and uClibe-ng can allow for DNS poisoning attacks against target devices.

https://threatpost.com/dns-bug-millions-routers-iot-risk/179478/

A deep dive into securing containerized environments and understanding how they present unique security challenges.

https://threatpost.com/container_threats_cloud_defend/179452/

Exclusive Threatpost research examines organizations’ top cloud security concerns, attitudes towards zero-trust and DevSecOps.

https://threatpost.com/security-turbulence-in-the-cloud-survey-says/179437/

GitHub shared the timeline of breaches in April 2022, this timeline encompasses the information related to when a threat actor gained access and stole private repositories belonging to dozens of organizations.

https://threatpost.com/github-repos-stolen-oauth-tokens/179427/

The Botnet appears to use a new delivery method for compromising Windows systems after Microsoft disables VBA macros by default.

https://threatpost.com/emotet-back-new-tricks/179410/

Four months after the critical flaw was discovered, attackers have a massive attack surface from which they can exploit the flaw and take over systems, researchers found.

https://threatpost.com/java-apps-vulnerable-log4shell/179397/