Several manufacturers of network-attached storage (NAS) solutions have alerted their customers to the detection of critical vulnerabilities in Netatalk. The exploitation of these flaws was demonstrated in one of the most recent versions of the Pwn2Own ethical hacking event, and they affect the devices of manufacturers such as Synology, QNAP and Western Digital. The security […]

Technology firm QNAP has asked its users to disable the AFP file service protocol in its network-attached storage (NAS) deployments on a temporary basis while fixing some critical vulnerabilities in Netatalk, which allows *NIX/*BSD systems to act as an AppleShare file server for macOS system users. Researchers from NCC Group managed to exploit one of […]

A recent cybersecurity report revealed the patching of at least four vulnerabilities in SonicOS, the operating system with which multiple solutions developed by the technology firm SonicWall work. According to this report, the successful exploitation of these flaws would have allowed threat actors to deploy multiple cyberattacks. Below are brief descriptions of the reported flaws, […]

A Microsoft security report details the finding of a set of vulnerabilities that would allow threat actors to escalate privileges on Linux systems in order to inject ransomware, backdoors, and other severe threats. The flaws were identified as Nimbuspwn and their exploitation would trigger access to root privileges on compromised systems. Nimbuspwn refers to the […]

Cybersecurity specialists report the detection of two critical vulnerabilities in Power Line Communications (PLC) J2497, a two-way serial communications link used in trailers and other transport vehicles. According to the report, successful exploitation of the reported flaws would allow threat actors to deploy multiple hacking tasks. Below are brief descriptions of the reported flaws, as […]

Cybersecurity specialists from Palo Alto Networks mention that patches released by Amazon Web Services (AWS) to address vulnerabilities in Log4j could be evaded to escalate privileges on the system or evade containers. Identified by the end of 2021, Log4Shell flaws would allow threat actors to execute remote code and take control of affected deployments. To […]

In its quarterly Critical Patch Update (CPU), Oracle has included a total of 520 patches to address all sorts of vulnerabilities. This update fixes security flaws in dozens of products, with special focus on three bugs that received critical scores according to the Common Vulnerability Scoring System (CVSS). Oracle recommends its users update their products […]

Cybersecurity specialists from Juniper Networks announced the release of multiple security patches to address more than 30 flaws in their products, including critical bugs in Contrail Networking and Junos OS. According to the report, at least seven of these flaws received scores above 9/10 according to the Common Vulnerability Scoring System (CVSS). First, the alert […]

GitHub has announced the release of updated versions of its local client in order to fix two code execution vulnerabilities. The Microsoft-owned firm hopes to mitigate the risk of exploitation for affected users. Tracked as CVE-2022-24765, the first flaw affects users working on multi-user machines where unverified users can create a C:.gitconfig directory on the […]

Engineering firm Aethon announced the correction of various vulnerabilities in its Tug hospital robots whose exploitation would allow threat actors to take remote control of compromised devices. These flaws, identified as JekyllBot:5, can be exploited without administrator interaction and the successful attack could even disrupt the proper functioning of critical medical devices. Aethon has been […]

A few days ago, Apple announced the fix of two actively exploited vulnerabilities in macOS Monterey, although users of older versions of the operating system will not receive updates. The flaws were tracked as CVE-2022-22675 and CVE-2022-22674, and reside in macOS Big Sur and macOS Catalina implementations, respectively. MacOS Monterey was released in October 2021 […]

Information security specialists reported the detection of two security flaws affecting several firewall models developed by technology firm F5 Networks. According to the report, successful exploitation would allow malicious hackers to deploy severe attack scenarios. Below are brief descriptions of the reported flaws, in addition to their assigned tracking keys and scores according to the […]

SonarSource cybersecurity specialists report the detection of various vulnerabilities in PEAR, a development environment and distribution system for PHP code components. According to the report, these vulnerabilities could have been easily exploited for the deployment of supply chain attacks, which could lead to severe disruptions in systems around the world. Since the SolarWinds supply chain […]

Claroty cybersecurity specialists report the identification of two serious vulnerabilities whose exploitation would allow threat actors to deploy severe attacks targeting programmable logic controllers (PLC) developed by Rockwell Automation. The company’s findings were disclosed through the Cybersecurity and Infrastructure Security Agency (CISA). The first of the flaws, tracked as CVE-2022-1161, is considered a critical security […]

Cybersecurity specialists report the detection of at least 4 vulnerabilities in CX-Position, a position control software developed by the technology firm Omron. According to the report, successful exploitation of these flaws would allow threat actors to deploy multiple hacking scenarios. Below are brief descriptions of the reported flaws, as well as their respective tracking keys […]

Sophos security teams announced the fixing of a critical remote code execution (RCE) vulnerability in the Sophos Firewall family of products for home and enterprise environments. Sophos Firewall includes TLS and encrypted network traffic inspection, sandboxing, packet scanning, and intrusion prevention systems. Tracked as CVE-2022-1040, the vulnerability received a score of 9.8/10 under the Common […]

Two vulnerabilities have been confirmed to be detected in Epic Games Launcher, the online library and account management tool for PC gaming. According to the report, the successful exploitation of these flaws would allow the deployment of multiple hacking tactics. Below are brief descriptions of the reported flaws, in addition to their scores assigned under […]

Cybersecurity specialists reported the detection of multiple vulnerabilities affecting Lenovo Networking Switches. According to the report, successful exploitation of these flaws would allow malicious actors to deploy dangerous hacking activities. Below are brief descriptions of the reported flaws, in addition to their tracking keys and scores according to the Common Vulnerability Scoring System (CVSS). CVE-2021-27796: […]

Cybersecurity specialists report the detection of some security flaws in Argo CD, a declarative continuous delivery tool for Kubernetes following the GitOps pattern of using Git repositories as a source source to define the desired state of the application. According to the report, successful exploitation of these flaws would allow threat actors to deploy multiple […]

Researchers from firmware security firm Binarly confirmed the detection of some critical flaws in the Unified Extensible Firmware Interface (UEFI) of multiple business laptops produced by Dell. A couple of weeks ago, the technology company announced the release of patches for five vulnerabilities in System Management Mode (SMM) present in a total of 45 devices, […]