CISA is known for publishing various reports and remediations for cyberattacks. They release a list of many known exploited vulnerabilities which are exploited by hackers frequently. They have added a list of 15 new exploited vulnerabilities to their list. The recent list contains almost all of the recent Windows Privilege Escalation vulnerabilities. CVE ID Vulnerability […]
Cybersecurity specialists report the detection of multiple vulnerabilities in pfSense, an open source and custom distribution of FreeBSD optimized for use in devices such as firewalls or routers. According to the report, successful exploitation of these flaws would allow threat actors to deploy some dangerous hacking variants. Below are brief descriptions of the reported flaws, […]
A report by cybersecurity firm Binarly points to the detection of 16 critical vulnerabilities in various implementations of Unified Extensible Firmware Interface (UEFI), present in multiple HP enterprise devices. According to the researchers, threat actors can exploit these flaws to implant firmware capable of evading UEFI Secure Boot, Intel Boot Guard, and virtualization-based security measures. […]
Cybersecurity specialists report the detection of three zero-day vulnerabilities in uninterruptible power supply (UPS) devices developed by APC, a subsidiary of the well known tech company Schneider Electric. The set of vulnerabilities, dubbed as TLStorm, resides in APC Smart-UPS devices, very popular in sectors such as industry, commerce and computer security. The security firm Armis, […]
Cybersecurity specialists reported the detection of multiple vulnerabilities in IBM Security QRadar SOAR. According to the report, successful exploitation of these flaws would allow the deployment of severe attack scenarios. Below are brief descriptions of the reported flaws, in addition to their tracking keys and scorings assigned according to the Common Vulnerability Scoring System (CVSS). […]
Unpatched software is a computer code containing known security weaknesses. Unpatched vulnerabilities refer to weaknesses that allow attackers to leverage a known security bug that has not been patched by running malicious code. Software vendors write additions to the codes, known as “patches,” when they come to know about these application vulnerabilities to secure these […]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added 95 more security flaws to its Known Exploited Vulnerabilities Catalog, taking the total number of actively exploited vulnerabilities to 478. “These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise,” the agency said […]
Cybersecurity specialists report the detection of two vulnerabilities in VMware Spring Cloud Gateway, a library for creating API gateways over Spring and Java for a flexible way to route requests based on a number of criteria. According to the report, the exploitation of these flaws could lead to dangerous hacking scenarios. Below are brief descriptions […]
JFrog security teams report finding 5 vulnerabilities in PJSIP, a multimedia communication library developed by Teluu. According to the report, successful exploitation of these flaws would allow threat actors to lead to an arbitrary code execution scenario in applications using this library. This library provides an API that can be used by IP telephony applications, […]
Cybersecurity specialists report the detection of some severe vulnerabilities in Zyxel Armor routers, mainly used in home environments. According to the report, successful exploitation of these flaws would allow threat actors to fully compromise the affected system. Below are brief descriptions of the reported flaws, in addition to their respective identification keys and scores assigned […]
This week, CISA updated Known Exploited Vulnerabilities Catalog by adding two flaws emanating from Zabbix monitoring solution. The two vulnerabilities, CVE-2022-23134 and CVE-2022-23131 could allow attackers to bypass security authentication and attack Zabbix. The open-source enterprise solution tool, Zabbix, which collects and centralizes network data, and traffic, is susceptible to two vulnerabilities that attackers can […]
Cybersecurity specialists report the detection of multiple vulnerabilities in the popular Vim text editor. According to the report, successful exploitation of these flaws would allow threat actors to deploy multiple hacking tasks. Below are brief descriptions of some of the reported vulnerabilities, in addition to their respective identification keys and scores assigned under the Common […]
Two vulnerabilities have been reported to be detected in Samsung Galaxy S21 devices whose malicious exploitation would allow threat actors to deploy various hacking tasks on the compromised devices. Below are brief descriptions of the reported flaws, in addition to their respective scores assigned under the Common Vulnerability Scoring System (CVSS). It is worth mentioning […]
Multiple vulnerabilities have been detected in My Cloud OS 5, the operating system of network-attached storage (NAS) solutions developed by Western Digital. According to the report, the successful exploitation of these flaws would lead to the compromise of the affected systems. Below are brief descriptions of the reported flaws, in addition to their identification keys […]
Google has issued an update for Chrome users on Windows, Linux and macOS operating systems in order to address a zero-day vulnerability that could have been actively exploited by malicious hackers, in addition to addressing other severe vulnerabilities affecting all versions of the popular browser. While the company reserved technical details about the vulnerabilities due […]
Earlier this week, VMware announced the correction of multiple critical vulnerabilities in products such as VMware ESXi, Workstation and Fusion, most of them reported during last year’s Tianfu Cup ethical hacking summit in China. During the event he highlighted the work of the Kunlun Lab hacking team, which won rewards of more than $650,000 USD […]
Cybersecurity specialists report the detection of multiple vulnerabilities in VMware Cloud Foundation (ESXi), a popular hybrid cloud platform. According to the report, successful exploitation of the flaws would allow threat actors to deploy multiple hacking tasks on the affected systems. Below are brief descriptions of the reported flaws, in addition to their respective tracking keys […]
In its most recent statement, the Cybersecurity and Infrastructure Security Agency (CISA) added 15 new vulnerabilities to its Catalog of Known Exploited Vulnerabilities, a list of known security flaws that threat actors have exploited in recent attacks and that must be addressed by federal agencies in the U.S. In Binding Operational Directive 22-01: “Significant Risk […]
Moxa users will need to upgrade MXview to versions greater than 3.2.4 in order to address five vulnerabilities in the web-based network management system. These failures received critical scores of 10/10 according to the Common Vulnerability Scoring System (CVSS). According to Claroty researchers, unauthenticated threat actors could chain two or more of these vulnerabilities to […]
In its latest security alert, Siemens announced the release of patches to address multiple critical vulnerabilities whose exploitation would allow some models of programmable logic controllers (PLC) to be remotely blocked. The company fixed a total of 27 vulnerabilities, three of which could be exploited by unauthenticated remote threat actors for the deployment of denial […]
SAP security teams confirmed the patching of 19 vulnerabilities affecting various products, among which three critical flaws according to the Common Vulnerability Scoring System (CVSS) stand out. The flaws were reported by researchers at security firm Onapsis. This set of flaws, dubbed as ICMAD, resides in SAP Internet Communication Manager (ICM), a core component of […]