OpenSSH contains several new security vulnerabilities, one of which is the critical CVE-2023-25136. The flaw is a pre-authentication double free issue which was introduced in OpenSSH version 9.1. The vulnerability has been addressed in OpenSSH 9.2. The other good news…
CVE-2021-35394 is a critical, remote code execution security vulnerability that affects Realtek Jungle SDK. Rated 9.8 on the CVSS 3.x Severity and Metrics scale, the vulnerability has been weaponized by attackers in ongoing malicious campaigns which were initiated in August…
VMware vRealize Log is vulnerable to several critical security vulnerabilities (CVE-2022-31706, CVE-2022-31704, CVE-2022-31710, CVE-2022-31711). The vulnerabilities were privately reported to the company. Both updates and workarounds are already available to fix the issues. CVE-2022-31706 CVE-2022-31706 is a directory traversal vulnerability.…
The first Patch Tuesday fixes shipped by Microsoft for 2023 have addressed a total of 98 security flaws, many of which are rated as critical, and one is actively exploited in the wild. More specifically, 11 of the vulnerabilities have…
CVE-2022-23529 is a new security vulnerability in the JSONWebToken open source project. The issue was discovered by Unit 42 researchers, and has been rated 7.6 on the CVSS scale (high severity). What Is the JSONWebToken Open Source Project? JSONWebToken is…
CVE-2022-39947 is a new, high severity security vulnerability in FortiADC product – an advanced application and database delivery controller from Fortinet. The vulnerability is a command injection issue in the product’s web interface, and has been rated 8.6 out of…
Cisco Talos researchers recently discovered a critical vulnerability in Ghost CMS, a popular open source content management and newsletter subscription system, designated as CVE-2022-41654. The vulnerability has the potential to allow external users (newsletter subscribers) to create newsletters and add…
The Zerobot botnet is making the headlines once again in a new campaign exploiting a range of security vulnerabilities. The malware spreads primarily through Internet of Things (IoT) and web application vulnerabilities, presenting a serious risk to organizations. Zerobot: What…
A new dangerous vulnerability has been discovered in macOS. The vulnerability, tracked as CVE-2022-42821, could allow a malicious actor to gain full control of a macOS system. CVE-2022-42821: What Is Known So Far? Microsoft recently discovered a major security vulnerability…
Security researchers have identified four critical vulnerabilities in Samba, a popular open-source file sharing program. New Severe Vulnerabilities in Samba Allow RCE, Most Severe of Which Is CVE-2022-38023 The vulnerabilities, identified as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, could allow an…
According to cybersecurity reports, a new variant of the recently emerged Agenda ransomware has surfaced, written in the Rust programming language and specifically designed to target critical infrastructure. This new Agenda variant is concerning to security experts because of its…
Another Microsoft Patch Tuesday has rolled out, fixing a total of 49 vulnerabilities. In terms of severity and impact, six of these vulnerabilities are critical, 40 important, and the rest – moderate. Microsoft December 2022 Patch Tuesday: Affected Products So,…
CVE-2022-27518 is a newly detected Citrix vulnerability, currently exploited in attacks. The zero-day is located in Citrix ADC and Gateway, and could allow an unauthenticated remote threat actor to take over an exposed device. What Is Known about CVE-2022-27518? According…
CVE-2022-42475 is a newly reported zero-day and a highly severe vulnerability in FortiOS that could trigger remote code execution. The vulnerability has been exploited in the wild, and affected organizations should apply the patch immediately. CVE-2022-42475: What Is Known So…
The U.S. Department of Health and Human Services (HHS) has released a warning about ongoing Royal ransomware attacks that target healthcare organizations in the country. What Is Known about the Royal Ransomware Attacks? Royal ransomware is a lesser known ransomware…
CVE-2022-20968 is a new high-severity security vulnerability in Cisco IP Phone 7800 and 8800 Series firmware. CVE-2022-20968 In Detail The CVE-2022-20968 vulnerability could be exploited by unauthenticated threat actors in remote code execution and denial-of-service attacks. The flaw is triggered…
Zombinder is a new obfuscation service and criminal platform that allows threat actors to bind malware to legitimate Android applications. The service is cross-platform and targets both Windows and Android users. The platform was discovered by ThreatFabric researchers while analyzing…
Three new security vulnerabilities that create significant supply chain risk have been discovered. The vulnerabilities, which were discovered and reported by Eclypsium researchers, affect American Megatrends – MegaRAC Baseboard Management Controller (BMC) software: CVE-2022-40259 – Arbitrary Code Execution via Redfish…
Google has effectively updated its browser to a newer version, fixing a critical vulnerability, called CVE-2022-4135. According to recent information, this vulnerability concerns your hardware and more specifically your GPU. CVE-2022-4135 Vulnerability Fixed In Google Chrome Version 107.0.5304.121 The most…
A malicious campaign focused on stealing cryptocurrencies has been analyzed by security researchers in several consequent reports since 2020. ViperSoftX Cryptocurrency Infostealer: Technical Overview The malware, known as ViperSoftX, has been described initially by Fortinet, Colin Cowie, and now more…
