Threats & Malware, Vulnerabilities
November 11, 2022
Via: The Hacker News
Multiple high-severity flaws have been uncovered in the open source OpenLiteSpeed Web Server as well as its enterprise variant that could be weaponized to achieve remote code execution. “By chaining and exploiting the vulnerabilities, adversaries could compromise the web server […]
Threats & Malware, Vulnerabilities
October 27, 2022
Via: The Hacker News
A now-patched security flaw in Apple’s iOS and macOS operating systems could have potentially enabled apps with Bluetooth access to eavesdrop on conversations with Siri. Apple said “an app may be able to record audio using a pair of connected […]
Threats & Malware, Vulnerabilities
October 18, 2022
Via: Security Week
Apache Commons Text is an open source Java library designed for working with strings. Alvaro Munoz, a researcher at GitHub’s Security Lab, discovered in March that the library is affected by an arbitrary code execution vulnerability related to untrusted data […]
Threats & Malware, Vulnerabilities
October 12, 2022
Via: TechRadar
A high-severity vulnerability discovered almost a year ago in VMware vCenter Server 8.0 has not yet been patched, the company has confirmed. The flaw, tracked as CVE-2021-22048, is described as a privilege escalation vulnerability, and allows non-admin […]
Threats & Malware, Vulnerabilities
October 11, 2022
Via: The Register
Security appliance vendor Fortinet has become the subject of a bug report by its own FortiGuard Labs after the discovery of a critical-rated flaw in three of its products. CVE-2022-40684 is rated 9.6/10 on the Common Vulnerability Scoring System (CVSS), […]
Threats & Malware, Vulnerabilities
September 23, 2022
Via: Help Net Security
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-35405, a critical remote code execution vulnerability in ManageEngine PAM360, Password Manager Pro, and Access Manager Plus, to its Known Exploited Vulnerabilities (KEV) Catalog. The details of in-the-wild exploitation of […]
Application security, Security
August 31, 2022
Via: Dark Reading
A high-severity flaw in the Android version of the TikTok app — which has been installed more than 1.5 billion times so far via the Google Play Store — could allow threat actors to hijack a user’s account with a […]
Threats & Malware, Vulnerabilities
August 25, 2022
Via: Security Week
Mozilla this week patched several high-severity vulnerabilities in its Firefox and Thunderbird products. Firefox 104 — as well as Firefox ESR 91.13 and 102.2 — patches a high-severity address bar spoofing issue related to XSLT error handling. The flaw, tracked […]
Threats & Malware, Vulnerabilities
August 25, 2022
Via: Security Week
Cisco this week announced patches for two vulnerabilities impacting the NX-OS software that powers its Nexus-series business switches. Impacting the OSPF version 3 (OSPFv3) feature of NX-OS, the first of these issues is tracked as CVE-2022-20823 and could be exploited […]
Application security, Security
August 6, 2020
Via: Help Net Security
A high-risk vulnerability (CVE-2020-13699) in TeamViewer for Windows could be exploited by remote attackers to crack users’ password and, consequently, lead to further system exploitation. About TeamViewer TeamViewer is an application developed by German company TeamViewer GmbH and is available […]
January 8, 2020
Via: Threat Post
Google kicked off its first Android Security Bulletin of 2020 patching a critical flaw in its Android operating system, which if exploited could allow a remote attacker to execute code. Compared to last year’s monthly tally, the number of CVEs […]
Threats & Malware, Vulnerabilities
January 3, 2020
Via: Security Affairs
Cisco has released software updates that address several critical and high-severity vulnerabilities in its Data Center Network Manager (DCNM) product. All the vulnerabilities were reported to Cisco through Trend Micro’s Zero Day Initiative (ZDI) and Accenture’s iDefense service by the […]
December 3, 2019
Via: Help Net Security
Hackers are actively exploiting StrandHogg, a newly revealed Android vulnerability, to steal users’ mobile banking credentials and empty their accounts, a Norwegian app security company has warned. “Promon identified the StrandHogg vulnerability after it was informed by an Eastern European […]
September 23, 2019
Via: Security Affairs
Atlassian released security updates to address critical vulnerabilities in Jira Service Desk and Jira Service Desk Data Center. One of the flaws can lead to information disclosure, while another critical vulnerability addressed by Atlassian could allow server-side template injection leading […]
September 6, 2019
Via: William Palmer
Google’s Project Zero security task force reported that it uncovered an “indiscriminate” hacking operation that targeted iPhones for at least two years to gain access to personal files, messages, and real-time location data. According to Motherboard, it could be one […]
Threats & Malware, Vulnerabilities
August 16, 2019
Via: Help Net Security
A newly disclosed vulnerability (CVE-2019-9506) in the Bluetooth Core Specification can be exploited by attackers to intercept and manipulate Bluetooth communications/traffic between two vulnerable devices. Researchers Daniele Antonioli, Nils Ole Tippenhauer and Kasper Rasmussen discovered the flaw and demonstrated a […]
Threats & Malware, Vulnerabilities
August 8, 2019
Via: Hot for Security
Networking behemoth Cisco has rolled out an important firmware update for users of its 220 Series smart switches after a researcher discovered three security flaws in the systems, including two deemed critical. In typical bug-reporting fashion, Switchzilla has published separate […]
August 7, 2019
Via: Dark Reading
A six-week bug-hunting contest netted the US Air Force information on 54 security vulnerabilities in its Common Computing Environment (CCE), a branch-wide cloud platform that aims to serve up online applications, program management firm Bugcrowd said on August 6. The […]
July 31, 2019
Via: Dark Reading
Google Project Zero researchers found an iOS vulnerability that could let an attacker snoop on a victim’s phone remotely. Apple’s most recent update to iOS wasn’t simply to add features: It also patched a significant vulnerability discovered by Google Project […]
July 24, 2019
Via: Threat Post
A widespread and ongoing malicious advertising campaign is exploiting several recently-disclosed WordPress plugin vulnerabilities to redirect website visitors to booby-trapped landing pages. Researchers at Wordfence said that they recently discovered bad actors injecting code into websites with the vulnerable plugins […]