Cybersecurity researchers on Wednesday disclosed three severe security vulnerabilities impacting SolarWinds products, the most severe of which could have been exploited to achieve remote code execution with elevated privileges. Two of the flaws (CVE-2021-25274 and CVE-2021-25275) were identified in the SolarWinds Orion Platform, while a third separate weakness (CVE-2021-25276) … [Read more...] about 3 New Severe Security Vulnerabilities Found In SolarWinds Software
Vulnerabilities
Researchers Find Vulnerabilities in Microsoft Azure Cloud Service
As businesses are increasingly migrating to the cloud, securing the infrastructure has never been more important. Now according to the latest research, two security flaws in Microsoft's Azure App Services could have enabled a bad actor to carry out server-side request forgery (SSRF) attacks or execute arbitrary code and take over the administration server. "This enables an … [Read more...] about Researchers Find Vulnerabilities in Microsoft Azure Cloud Service
Identify CVE-2020-1472 Vulnerabilities with Zerologon Dashboard
A serious and potentially dire patch warning has been issued by the Department of Homeland Security (DHS) advisory team, the Cybersecurity and Infrastructure Security Agency (CISA). The alert, labeled “Emergency Directive 20-04,” is based on vulnerability CVE-2020-1472 and requires U.S. federal agencies to immediately patch Microsoft Windows servers. Because of the severe … [Read more...] about Identify CVE-2020-1472 Vulnerabilities with Zerologon Dashboard
Researcher Demonstrates Several Zoom Vulnerabilities at DEF CON 28
Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a compromised system to read and exfiltrate Zoom user data—and even run stealthy malware as a sub-process of a trusted application.According to cybersecurity researcher Mazin Ahmed, who presented his findings … [Read more...] about Researcher Demonstrates Several Zoom Vulnerabilities at DEF CON 28
Ripple20: Critical Vulnerabilities Might be Putting Your IoT/OT Devices at Risk
Cybersecurity researchers from JSOF have just published a set of 19 vulnerabilities, dubbed Ripple20 that are impacting the TCP/IP stack developed by Treck. This software stack is integrated into millions of systems used in the healthcare, transportation, manufacturing, telecoms and energy markets, potentially affecting a very large number of organizations and critical … [Read more...] about Ripple20: Critical Vulnerabilities Might be Putting Your IoT/OT Devices at Risk
Ripple20: 19 vulnerabilities in the TCP/IP library
Experts at Israeli company JSOF have discovered 19 zero-day vulnerabilities, some critical, affecting hundreds of millions of Internet of Things (IoT) devices. The worst part is that some devices will never receive updates. All of the vulnerabilities were found in the TCP/IP library of Treck Inc., which the company has been developing for more than two decades. The set of … [Read more...] about Ripple20: 19 vulnerabilities in the TCP/IP library
Zero-day RCE vulnerabilities in Windows Adobe Type Manager Library actively exploited
Updated on April 14. Microsoft has issued a warning about two new vulnerabilities in the Adobe Type Manager Library. Moreover, according to their information, some attackers are already exploiting them in targeted attacks. On April 14, Microsoft released security updates that address these vulnerabilities. What is Adobe Type Manager Library and how is it vulnerable There were … [Read more...] about Zero-day RCE vulnerabilities in Windows Adobe Type Manager Library actively exploited
New Mobile Internet Protocol Vulnerabilities Let Hackers Target 4G/5G Users
High impact vulnerabilities in modern communication protocol used by mobile network operators (MNOs) can be exploited to intercept user data and carry out impersonation, fraud, and denial of service (DoS) attacks, cautions a newly published research.The findings are part of a new Vulnerabilities in LTE and 5G Networks 2020 report published by London-based cybersecurity firm … [Read more...] about New Mobile Internet Protocol Vulnerabilities Let Hackers Target 4G/5G Users
Microsoft Releases June 2020 Security Patches For 129 Vulnerabilities
Microsoft today released its June 2020 batch of software security updates that patches a total of 129 newly discovered vulnerabilities affecting various versions of Windows operating systems and related products.This is the third Patch Tuesday update since the beginning of the global Covid-19 outbreak, putting some extra pressure on security teams struggling to keep up with … [Read more...] about Microsoft Releases June 2020 Security Patches For 129 Vulnerabilities
BMC Vulnerabilities Expose Supermicro Servers to Remote USB-Attacks
Enterprise servers powered by Supermicro motherboards can remotely be compromised by virtually plugging in malicious USB devices, cybersecurity researchers at firmware security company Eclypsium told The Hacker News.Yes, that's correct. You can launch all types of USB attacks against vulnerable Supermicro servers without actually physically accessing them or waiting for your … [Read more...] about BMC Vulnerabilities Expose Supermicro Servers to Remote USB-Attacks