Argo CD is a Kubernetes-based declarative GitOps continuous delivery platform. It is built as a Kubernetes controller that constantly monitors running apps and compares their current, live state to the intended goal state (as specified in the Git repo). 257 enterprises, including Alibaba Group, BMW Group, Deloitte, Gojek, IBM, Intuit, LexisNexis, Red Hat, Skyscanner, Swisscom, […]
VMware on Tuesday released software to remediate four security vulnerabilities affecting vRealize Log Insight (aka Aria Operations for Logs) that could expose users to remote code execution attacks. Two of the flaws are critical, carrying a severity rating of 9.8 out of a maximum of 10, the virtualization services provider noted in its first security […]
VRealize Log Insight is a log collecting and analytics virtual appliance that gives administrators the ability to collect, display, manage, and analyze syslog data. Log Insight was developed by Logrotate. Application logs, network traces, configuration files, messages, and performance statistics can all be monitored in real time using Log Insight. It has been purpose-built for use […]
Vulnerability analysis results in Orange Cyberdefenses’ Security Navigator show that some vulnerabilities first discovered in 1999 are still found in networks today. This is concerning. Age of VOC findings Our Vulnerability Scans are performed on a recurring basis, which provides us the opportunity to examine the difference between when a scan was performed on an […]
Technology business Dell has its headquarters in the United States. It is in the business of creating and selling computers as well as repairing and supporting related goods and services. Dell is a subsidiary of Dell Technologies, which also owns the corporation. It has come to light that the Dell BIOS has four newly discovered […]
Orca, a business that specializes in cloud security, has disclosed information on four server-side request forgery (SSRF) vulnerabilities that affect several Azure services. Two of these vulnerabilities might have been exploited without the need for authentication. They were able to attack two vulnerabilities without needing any authentication on the service (Azure Functions and Azure Digital […]
Cisco has warned of two security vulnerabilities affecting end-of-life (EoL) Small Business RV016, RV042, RV042G, and RV082 routers that it said will not be fixed, even as it acknowledged the public availability of proof-of-concept (PoC) exploit. The issues are rooted in the router’s web-based management interface, enabling a remote adversary to sidestep authentication or execute […]
The American corporation Lexmark International, Inc. is a privately owned business that specializes in the production of laser printers and other image goods. The researcher found that the product is susceptible to two vulnerabilities, either of which can be exploited by an adversary to copy file data from a source path to a destination path […]
Fortinet, a company that develops next-generation firewalls, VPNs, antivirus, and endpoint solutions, among other products, issued a public security advisory on October 10, 2022, disclosing that there was a critical vulnerability (CVE-2022-40684) impacting several of their products. The advisory also disclosed that the vulnerability could have been exploited by malicious actors. The security flaw, which […]
Fortinet has warned of a high-severity flaw affecting multiple versions of FortiADC application delivery controller that could lead to the execution of arbitrary code. “An improper neutralization of special elements used in an OS command vulnerability in FortiADC may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands […]
Hackers may have been able to perform malicious activity, such as unlocking, starting, and tracking cars, as well as exposing customers’ personal information, because nearly twenty car manufacturers and services contained API security vulnerabilities. These vulnerabilities could have been exploited by hackers. Well-known manufacturers such as BMW, Roll Royce, Mercedes-Benz, Ferrari, Porsche, Jaguar, Land Rover, […]
In an attempt to inject malicious JavaScript into WordPress plugins and themes that are outdated, a previously detected Linux malware that is unknown has been found exploiting 30 vulnerabilities. The targeted website is injected with malicious JavaScript code if any outdated versions of the vulnerable add-ons are used on the site, as they lack crucial […]
Samba is a free software re-implementation of the SMB networking protocol that offers file and print services for a variety of Microsoft Windows clients. It is also capable of integrating with a Microsoft Windows Server domain, either as a Domain Controller (DC) or as a domain member. Samba was developed by the Samba Development Team […]
Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems. The high-severity flaws, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in versions 4.17.4, 4.16.8 and 4.15.13 released on December 15, 2022. Samba is an open source Windows interoperability suite […]
Web applications, often in the form of Software as a Service (SaaS), are now the cornerstone for businesses all over the world. SaaS solutions have revolutionized the way they operate and deliver services, and are essential tools in nearly every industry, from finance and banking to healthcare and education. Most startup CTOs have an excellent […]
VMware has patched two security flaws in VMware Workspace ONE Access and Identity Manager as of today: Authenticated Remote Code Execution Vulnerability in VMware Workspace ONE Access and Identity Manager, tracked under the CVE identifier 2022-31700 and assigned a CVSS score of 7.2Broken Authentication Vulnerability in VMware Workspace ONE Access and Identity Manager, tracked by […]
A novel Go-based botnet called Zerobot has been observed in the wild proliferating by taking advantage of nearly two dozen security vulnerabilities in the internet of things (IoT) devices and other software. The botnet “contains several modules, including self-replication, attacks for different protocols, and self-propagation,” Fortinet FortiGuard Labs researcher Cara Lin said. “It also communicates […]
Customers have been alerted by Sophos that many vulnerabilities, including ones that may lead to arbitrary code execution, have been patched in Sophos Firewall version 19.5. Some of these security flaws were uncovered in-house by Sophos, while others were brought to the attention of the business by third-party researchers who participated in the bug bounty […]
It is common knowledge that maintaining a high level of cyber security has rapidly become one of the top priorities for businesses of all sizes, and this is particularly true for companies operating in sectors that deal with sensitive consumer information. It is essential for these companies, as they work toward the goal of developing […]
Mastodon has been under the limelight as a result of the exodus of former Twitter users who left the platform in response to the turbulence brought on by Elon Musk’s purchase of Twitter. For many members of the infosec community who have switched from tweeting to “tooting” on the site, it has become their go-to […]
According to the most recent research, three recently found security flaws in Zoom can grant an attacker access to root or SYSTEM users and the ability to execute malicious program. Local privilege escalation concerns have been identified as the two high severity vulnerabilities, CVE-2022-28768 and CVE-2022-36924, which might eventually result in seizing control of the […]