Zero-day vulnerabilities in Netatalk affect NAS products from Synology, QNAP and Western Digital. Protect your storage solutions before they’re encrypted with ransomware

Several manufacturers of network-attached storage (NAS) solutions have alerted their customers to the detection of critical vulnerabilities in Netatalk. The exploitation of these flaws was demonstrated in one of the most recent versions of the Pwn2Own ethical hacking event, and they affect the devices of manufacturers such as Synology, QNAP and Western Digital. The security […]

4 new vulnerabilities in SonicWall SonicOS affect firewalls and other security products: Patch immediately

A recent cybersecurity report revealed the patching of at least four vulnerabilities in SonicOS, the operating system with which multiple solutions developed by the technology firm SonicWall work. According to this report, the successful exploitation of these flaws would have allowed threat actors to deploy multiple cyberattacks. Below are brief descriptions of the reported flaws, […]

2 critical vulnerabilities in the Linux operating system allow backdoors to be installed with root privileges

A Microsoft security report details the finding of a set of vulnerabilities that would allow threat actors to escalate privileges on Linux systems in order to inject ransomware, backdoors, and other severe threats. The flaws were identified as Nimbuspwn and their exploitation would trigger access to root privileges on compromised systems. Nimbuspwn refers to the […]

2 critical vulnerabilities exploitable remotely in trailer brake controllers can cause accidents on highways

Cybersecurity specialists report the detection of two critical vulnerabilities in Power Line Communications (PLC) J2497, a two-way serial communications link used in trailers and other transport vehicles. According to the report, successful exploitation of the reported flaws would allow threat actors to deploy multiple hacking tasks. Below are brief descriptions of the reported flaws, as […]

AWS patches to fix Log4j vulnerabilities could be exploited for privilege escalation or container escape attacks

Cybersecurity specialists from Palo Alto Networks mention that patches released by Amazon Web Services (AWS) to address vulnerabilities in Log4j could be bypassed to escalate privileges on the system or escape containers. Identified by the end of 2021, Log4Shell flaws would allow threat actors to execute remote code and take control of affected deployments. To […]

New Oracle update fixes 520 vulnerabilities in 12 products: Three critical flaws with CVSS scores of 10 and 70 flaws with a 9.8/10 score

In its quarterly Critical Patch Update (CPU), Oracle has included a total of 520 patches to address all sorts of vulnerabilities. This update fixes security flaws in dozens of products, with special focus on three bugs that received critical scores according to the Common Vulnerability Scoring System (CVSS). Oracle recommends its users update their products […]

New Lenovo UEFI Firmware Vulnerabilities Affect Millions of Laptops

Three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices. Tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, the latter two “affect firmware drivers originally meant to be used only during the manufacturing process of Lenovo […]

30 vulnerabilities in different Juniper products could allow the total takeover of the affected network. Update immediately

Cybersecurity specialists from Juniper Networks announced the release of multiple security patches to address more than 30 flaws in their products, including critical bugs in Contrail Networking and Junos OS. According to the report, at least seven of these flaws received scores above 9/10 according to the Common Vulnerability Scoring System (CVSS). First, the alert […]

GitHub releases updated versions of its local client after fixing 2 critical code execution vulnerabilities

GitHub has announced the release of updated versions of its local client in order to fix two code execution vulnerabilities. The Microsoft-owned firm hopes to mitigate the risk of exploitation for affected users. Tracked as CVE-2022-24765, the first flaw affects users working on multi-user machines where unverified users can create a C:\.gitconfig directory on the […]

Critical vulnerabilities allow hacking medical surgical robots and putting lives at risk

Engineering firm Aethon announced the correction of various vulnerabilities in its Tug hospital robots whose exploitation would allow threat actors to take remote control of compromised devices. These flaws, identified as JekyllBot:5, can be exploited without administrator interaction and the successful attack could even disrupt the proper functioning of critical medical devices. Aethon has been […]

Important memory leak vulnerabilities in F5 firewalls: Patch immediately

Information security specialists reported the detection of two security flaws affecting several firewall models developed by technology firm F5 Networks. According to the report, successful exploitation would allow malicious hackers to deploy severe attack scenarios. Below are brief descriptions of the reported flaws, in addition to their assigned tracking keys and scores according to the […]

Two critical code vulnerabilities in a core component of the PHP supply chain repository

SonarSource cybersecurity specialists report the detection of various vulnerabilities in PEAR, a development environment and distribution system for PHP code components. According to the report, these vulnerabilities could have been easily exploited for the deployment of supply chain attacks, which could lead to severe disruptions in systems around the world. Since the SolarWinds supply chain […]

2 critical vulnerabilities in Rockwell PLC used worldwide could shut down industries for days if exploited

Claroty cybersecurity specialists report the identification of two serious vulnerabilities whose exploitation would allow threat actors to deploy severe attacks targeting programmable logic controllers (PLC) developed by Rockwell Automation. The company’s findings were disclosed through the Cybersecurity and Infrastructure Security Agency (CISA). The first of the flaws, tracked as CVE-2022-1161, is considered a critical security […]

4 critical vulnerabilities in Omron CX-Position enable malicious code execution

Cybersecurity specialists report the detection of at least 4 vulnerabilities in CX-Position, a position control software developed by the technology firm Omron. According to the report, successful exploitation of these flaws would allow threat actors to deploy multiple hacking scenarios. Below are brief descriptions of the reported flaws, as well as their respective tracking keys […]

3 critical vulnerabilities in Sophos Firewall and other company products

Sophos security teams announced the fixing of a critical remote code execution (RCE) vulnerability in the Sophos Firewall family of products for home and enterprise environments. Sophos Firewall includes TLS and encrypted network traffic inspection, sandboxing, packet scanning, and intrusion prevention systems. Tracked as CVE-2022-1040, the vulnerability received a score of 9.8/10 under the Common […]

Two vulnerabilities in Epic Games Launcher allow DoS attacks

Two vulnerabilities have been confirmed in Epic Games Launcher, the online library and account management tool for PC gaming. According to the report, the successful exploitation of these flaws would allow the deployment of multiple hacking tactics. Below are brief descriptions of the reported flaws, in addition to their scores assigned under […]

Hard-coded credentials vulnerabilities in 10 models of Lenovo Networking Switches

Cybersecurity specialists reported the detection of multiple vulnerabilities affecting Lenovo Networking Switches. According to the report, successful exploitation of these flaws would allow malicious actors to deploy dangerous hacking activities. Below are brief descriptions of the reported flaws, in addition to their tracking keys and scores according to the Common Vulnerability Scoring System (CVSS). CVE-2021-27796: […]

Privilege escalation and path traversal vulnerabilities affect Argo CD, the GitOps continuous delivery tool for Kubernetes

Cybersecurity specialists report the detection of some security flaws in Argo CD, a declarative continuous delivery tool for Kubernetes following the GitOps pattern of using Git repositories as the source of truth to define the desired state of the application. According to the report, successful exploitation of these flaws would allow threat actors to deploy multiple […]

Critical vulnerabilities in Dell laptops’ UEFI allow them to be hacked forever, even after the hard drive is removed

Researchers from firmware security firm Binarly confirmed the detection of some critical flaws in the Unified Extensible Firmware Interface (UEFI) of multiple business laptops produced by Dell. A couple of weeks ago, the technology company announced the release of patches for five vulnerabilities in System Management Mode (SMM) present in a total of 45 devices, […]