Enlarge (credit: Getty Images) Hackers are mass scanning the Internet in search of VMware servers with a newly disclosed code-execution vulnerability that has a severity rating of 9.8 out of a possible 10. CVE-2021-21974, as the security flaw is tracked, is a remote code-execution vulnerability in VMware vCenter server, an application for Windows or Linux […]
Enlarge (credit: Getty Images) It’s the second Tuesday of February, and that means Microsoft and other software makers are releasing dozens of updates to fix security vulnerabilities. Topping of this month’s list are two zerodays under active exploit and critical networking flaws that allow attackers to remotely execute malicious code or shut down computers. The […]
(credit: Chrome) Users of Google’s Chrome browser have faced three security concerns over the past 24 hours in the form of a malicious extension with more than 2 million users, a just-fixed zero-day, and new information about how malware can abuse Chrome’s sync feature to bypass firewalls. Let’s discuss them one by one. First up, […]
Enlarge (credit: Getty Images) SolarWinds, the previously little-known company whose network-monitoring tool Orion was a primary vector for one of the most serious breaches in US history, has pushed out fixes for three severe vulnerabilities. Martin Rakhmanov, a researcher with Trustwave SpiderLabs, said in a blog post on Wednesday that he began analyzing SolarWinds products […]
Enlarge (credit: Getty Images) Network security provider SonicWall said on Monday that hackers are exploiting a critical zeroday vulnerability in one of the firewalls it sells. The security flaw resides in the Secure Mobile Access 100 series, SonicWall said in an advisory updated on Monday. The vulnerability, which affects SMA 100 firmware versions 10.x, isn’t […]
Enlarge (credit: Getty Images) Google researchers have detailed a sophisticated hacking operation that exploited vulnerabilities in Chrome and Windows to install malware on Android and Windows devices. Some of the exploits were zero-days, meaning they targeted vulnerabilities that at the time were unknown to Google, Microsoft, and most outside researchers (both companies have since patched […]
Enlarge (credit: Zyxel) Hackers are attempting to exploit a recently discovered backdoor built into multiple Zyxel device models that hundreds of thousands of individuals and businesses use as VPNs, firewalls, and wireless access points. The backdoor comes in the form of an undocumented user account with full administrative rights that’s hardcoded into the device firmware, […]
Enlarge (credit: Traitov | Getty Images) 2020 was a tough year for a lot of reasons, not least of which were breaches and hacks that visited pain on end users, customers, and the organizations that were targeted. The ransomware menace dominated headlines, with an endless stream of compromises hitting schools, governments, and private companies as […]
Expand (charge: Apple) Three dozen journalists needed their iPhones murdered in July and August with what at the time was an iMessage zeroday harness which did not need the sufferers to take some actions to become infected, researchers stated. The exploit along with the payload it set up were created and marketed by NSO Group,” […]
Expand (credit: Getty Images) Cisco has patched its Jabber conferencing and messaging program against a crucial vulnerability which makes it easy for attackers to run malicious code which could spread from computer to computer with no user interaction needed. Again. The vulnerability, which has been revealed in September, ” was the consequence of many flaws […]