Category: Vulnerabilities

July 22, 2021

Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is […]

July 16, 2021

As it put out the latest stable build of the cross-platform Chrome web browser, Google noted that the build bundles eight security fixes, including one that it was aware was being exploited in the wild. Six of the patched Chrome […]

July 14, 2021

Starting September 1, 2021, the Chinese government will require that any Chinese citizen who finds a zero-day vulnerability must pass the details to the Chinese government and must not sell or give the knowledge to any third-party outside of China […]

July 13, 2021

Attackers have been exploiting a newly discovered zero-day flaw in SolarWinds software, the security vendor has warned. The vulnerability exists in Serv-U Managed File Transfer Server and Serv-U Secured FTP. SolarWinds has urged all users to immediately install an emergency […]

July 12, 2021

Advisories describing the vulnerabilities were published this month by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Mitsubishi Electric. SecurityWeek has also obtained additional information from people involved in the discovery and disclosure of these flaws. One advisory describes […]

July 12, 2021

Former Kaseya staff have alleged that the company failed to address critical security flaws in its software several times between 2017 and 2020. Earlier this month, threat actors exploited a zero-day vulnerability in Kaseya’s VSA software to breach several managed […]

July 9, 2021

As part of the company’s 17 bug bounty and grant programs, participating security researchers can earn awards as high as $250,000 — the highest rewards are for critical vulnerabilities in Hyper-V. More than 340 security researchers across 58 countries received […]

July 7, 2021

Developed by Russian security firm Kaspersky, the Kaspersky Password Manager (KPM) allows users not only to securely store passwords and documents, but also to generate passwords when needed. All of the sensitive data stored in KPM’s vault is protected by […]

July 7, 2021

Last week we wrote about PrintNightmare, a vulnerability that was supposed to be patched but wasn’t. After June’s Patch Tuesday, researchers found that the patch did not work in every case, most notably on modern domain controllers. Yesterday, Microsoft issued […]

June 29, 2021

Code repository hosting service GitHub announced that it has paid $524,250 through its bug bounty program for 203 vulnerabilities affecting its products and services in 2020. The company revealed that it paid more than $1.5 million since 2016. “2020 was […]