Vulnerabilities

NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections

bootkit, firmware, Malware & Threats, NSA, UEFI, Vulnerabilities /

NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections 23/06/2023 at 20:58 By Ionut Arghire The National Security Agency (NSA) has released mitigation guidance to help organizations stave off BlackLotus UEFI bootkit infections. The post NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed […]

React to this headline:

Loading spinner

NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections Read More »

CISA Tells US Agencies to Patch Exploited Roundcube, VMware Flaws

and CVE-2021-44026, CISA, CVE-2020-12641, CVE-2020-35730, Government, Incident Response, KEV catalog, Vulnerabilities /

CISA Tells US Agencies to Patch Exploited Roundcube, VMware Flaws 23/06/2023 at 18:43 By Ionut Arghire The US government’s cybersecurity agency adds VMware and Roundcube server flaws to its Known Exploited Vulnerabilities (KEV) catalog. The post CISA Tells US Agencies to Patch Exploited Roundcube, VMware Flaws appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

CISA Tells US Agencies to Patch Exploited Roundcube, VMware Flaws Read More »

VMware Patches Code Execution Vulnerabilities in vCenter Server

VMWare, Vulnerabilities /

VMware Patches Code Execution Vulnerabilities in vCenter Server 23/06/2023 at 17:19 By Ionut Arghire VMware published software updates to address multiple memory corruption vulnerabilities in vCenter Server that could lead to remote code execution. The post VMware Patches Code Execution Vulnerabilities in vCenter Server appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

VMware Patches Code Execution Vulnerabilities in vCenter Server Read More »

The Benefits of Red Zone Threat Intelligence

Threat Intelligence, Vulnerabilities /

The Benefits of Red Zone Threat Intelligence 22/06/2023 at 16:31 By Derek Manky Incorporating Red Zone threat intelligence into your security strategy will help you stay on top of the latest threats and better protect your organization. The post The Benefits of Red Zone Threat Intelligence appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

The Benefits of Red Zone Threat Intelligence Read More »

PoC Exploit Published for Cisco AnyConnect Secure Vulnerability

Cisco, exploit, Vulnerabilities /

PoC Exploit Published for Cisco AnyConnect Secure Vulnerability 22/06/2023 at 16:31 By Ionut Arghire A security researcher has published proof-of-concept (PoC) exploit code targeting a recent high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure. The post PoC Exploit Published for Cisco AnyConnect Secure Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

PoC Exploit Published for Cisco AnyConnect Secure Vulnerability Read More »

Apple Patches iOS Flaws Used in Kaspersky ‘Operation Triangulation’ 

CVE-2023-32434, CVE-2023-32435, Nation-State, Vulnerabilities, Zero-Day /

Apple Patches iOS Flaws Used in Kaspersky ‘Operation Triangulation’  21/06/2023 at 22:52 By Ionut Arghire Apple ships major iOS security updates to cover code execution vulnerabilities already exploited in the wild. The post Apple Patches iOS Flaws Used in Kaspersky ‘Operation Triangulation’  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

Apple Patches iOS Flaws Used in Kaspersky ‘Operation Triangulation’  Read More »

Critical WordPress Plugin Vulnerabilities Impact Thousands of Sites

Application Security, CVE-2023-2834, CVE-2023-2986, CVSS 9.8, Vulnerabilities, WooCommerce, WordPress /

Critical WordPress Plugin Vulnerabilities Impact Thousands of Sites 21/06/2023 at 19:14 By Ionut Arghire Two critical-severity authentication bypass vulnerabilities in WordPress plugins with tens of thousands of installations. The post Critical WordPress Plugin Vulnerabilities Impact Thousands of Sites appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Critical WordPress Plugin Vulnerabilities Impact Thousands of Sites Read More »

Enphase Ignores CISA Request to Fix Remotely Exploitable Flaws

CISA, Enphase, ICS/OT, IoT Security, Vulnerabilities /

Enphase Ignores CISA Request to Fix Remotely Exploitable Flaws 21/06/2023 at 19:14 By Ionut Arghire Enphase Energy has ignored CISA requests to fix remotely exploitable vulnerabilities in Enphase products. The post Enphase Ignores CISA Request to Fix Remotely Exploitable Flaws appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Loading spinner

Enphase Ignores CISA Request to Fix Remotely Exploitable Flaws Read More »

Chrome and Its Vulnerabilities – Is the Web Browser Safe to Use?

Chrome, Featured, Google Chrome, Vulnerabilities /

Chrome and Its Vulnerabilities – Is the Web Browser Safe to Use? 21/06/2023 at 15:33 By Kevin Townsend Why are there so many vulnerabilities in Chrome? Is it realistically safe to use? Can Google do anything to make the web browser safer? The post Chrome and Its Vulnerabilities – Is the Web Browser Safe to

React to this headline:

Loading spinner

Chrome and Its Vulnerabilities – Is the Web Browser Safe to Use? Read More »

VMware Confirms Live Exploits Hitting Just-Patched Security Flaw

Aria Operations for Networks, Malware & Threats, Network Security, virtualization, VMWare, Vulnerabilities /

VMware Confirms Live Exploits Hitting Just-Patched Security Flaw 21/06/2023 at 03:16 By Ryan Naraine VMware updates a critical-level bulletin: “VMware has confirmed that exploitation of CVE-2023-20887 has occurred in the wild.” The post VMware Confirms Live Exploits Hitting Just-Patched Security Flaw appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

VMware Confirms Live Exploits Hitting Just-Patched Security Flaw Read More »

Researchers Flag Account Takeover Flaw in Microsoft Azure AD OAuth Apps

Azure, cloud security, Microsoft, noAuth, OAuth, Vulnerabilities /

Researchers Flag Account Takeover Flaw in Microsoft Azure AD OAuth Apps 20/06/2023 at 23:24 By Ryan Naraine Businesses using ‘Log in with Microsoft’ could be exposed to privilege escalation and full account takeover exploits. The post Researchers Flag Account Takeover Flaw in Microsoft Azure AD OAuth Apps appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Researchers Flag Account Takeover Flaw in Microsoft Azure AD OAuth Apps Read More »

Asus Patches Highly Critical WiFi Router Flaws

Asus, CVE-2018-1160, CVE-2022-26376, firmware, Mobile & Wireless, router, Vulnerabilities /

Asus Patches Highly Critical WiFi Router Flaws 20/06/2023 at 00:17 By Ryan Naraine Asus patches nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks. The post Asus Patches Highly Critical WiFi Router Flaws appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

Asus Patches Highly Critical WiFi Router Flaws Read More »

Western Digital Blocks Unpatched Devices From Cloud Services

CVE-2022-36327, Endpoint Security, firmware, Vulnerabilities, Western Digital /

Western Digital Blocks Unpatched Devices From Cloud Services 19/06/2023 at 18:08 By Ionut Arghire Western Digital is blocking access to its cloud services for devices running firmware versions impacted by a critical security vulnerability. The post Western Digital Blocks Unpatched Devices From Cloud Services appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Western Digital Blocks Unpatched Devices From Cloud Services Read More »

MOVEit Customers Urged to Patch Third Critical Vulnerability

Featured, MOVEit, Vulnerabilities /

MOVEit Customers Urged to Patch Third Critical Vulnerability 19/06/2023 at 14:17 By Ionut Arghire A critical vulnerability (CVE-2023-35708) in MOVEit software could allow unauthenticated attackers to access database content. The post MOVEit Customers Urged to Patch Third Critical Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

MOVEit Customers Urged to Patch Third Critical Vulnerability Read More »

SquareX Launches Bug Bounty Program for Browser Security Product

bug bounty program, SquareX, Vulnerabilities /

SquareX Launches Bug Bounty Program for Browser Security Product 15/06/2023 at 18:28 By Ionut Arghire Cybersecurity startup SquareX launches a temporary bug bounty program for its cloud-based browser security solution. The post SquareX Launches Bug Bounty Program for Browser Security Product appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

SquareX Launches Bug Bounty Program for Browser Security Product Read More »

Hundreds of Thousands of eCommerce Sites Impacted by Critical Plugin Vulnerability

Vulnerabilities /

Hundreds of Thousands of eCommerce Sites Impacted by Critical Plugin Vulnerability 14/06/2023 at 16:35 By Ionut Arghire Hundreds of thousands of ecommerce sites are impacted by a critical vulnerability in the WooCommerce Stripe Payment Gateway plugin. The post Hundreds of Thousands of eCommerce Sites Impacted by Critical Plugin Vulnerability appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Hundreds of Thousands of eCommerce Sites Impacted by Critical Plugin Vulnerability Read More »

Chrome 114 Update Patches Critical Vulnerability

Chrome, Vulnerabilities /

Chrome 114 Update Patches Critical Vulnerability 14/06/2023 at 15:31 By Ionut Arghire Google has released a Chrome 114 security update to address five vulnerabilities, including a critical-severity bug in Autofill payments. The post Chrome 114 Update Patches Critical Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

Chrome 114 Update Patches Critical Vulnerability Read More »

SAP Patches High-Severity Vulnerabilities With June 2023 Security Updates

Vulnerabilities /

SAP Patches High-Severity Vulnerabilities With June 2023 Security Updates 14/06/2023 at 14:34 By Ionut Arghire SAP has released eight new security notes on June 2023 Security Patch Day, including two that address high-severity vulnerabilities. The post SAP Patches High-Severity Vulnerabilities With June 2023 Security Updates appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

SAP Patches High-Severity Vulnerabilities With June 2023 Security Updates Read More »

Chinese Cyberspies Caught Exploiting VMware ESXi Zero-Day

Cyberwarfare, Featured, VMWare, Vulnerabilities, Zero-Day /

Chinese Cyberspies Caught Exploiting VMware ESXi Zero-Day 13/06/2023 at 21:19 By Ionut Arghire Mandiant has observed a Chinese cyberespionage group exploiting a VMware ESXi zero-day vulnerability for privilege escalation. The post Chinese Cyberspies Caught Exploiting VMware ESXi Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Chinese Cyberspies Caught Exploiting VMware ESXi Zero-Day Read More »

Microsoft Patches Critical Windows Vulns, Warn of Code Execution Risks

CVE-2023-29363, CVE-2023-32014, CVE-2023-32015, Microsoft, Network Security, Patch Tuesday, Vulnerabilities /

Microsoft Patches Critical Windows Vulns, Warn of Code Execution Risks 13/06/2023 at 21:19 By Ryan Naraine Patch Tuesday: Microsoft ships updates to over at least 70 documented vulnerabilities affecting the Windows ecosystem. The post Microsoft Patches Critical Windows Vulns, Warn of Code Execution Risks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Microsoft Patches Critical Windows Vulns, Warn of Code Execution Risks Read More »

Scroll to Top