Multiple vulnerabilities have been patched in a new update for VMware vRealize Log Insight last week, some of which can be chained into an attack that results in remote code execution on unpatched systems. VMware vRealize Log Insight is an administrative tool for log analysis and infrastructure management also known as VMware Aria Operations for […]
VMware Patch Remote Code Execution Vulnerabilities Read More »
Two new vulnerabilities have been disclosed on end-of-life Cisco RV Series small business routers. These vulnerabilities can be exploited individually or chained into an attack that allows for remote attackers to gain root access to the operating system where they can then execute arbitrary code. The affected devices are RV016 Multi-WAN VPN Routers, RV042 Dual
Critical Authentication Bypass in Cisco Routers Read More »
Proof of concept (PoC) code has been released for three critical vulnerabilities in WordPress plugins that allow for SQL injection into the website code. The affected plugins are Paid Memberships Pro, Easy Digital Downloads, and Survey Maker, all of which have now received security updates that patch the SQL injection flaws. A security researcher at
WordPress Plugins have SQL Injection Vulnerabilities Read More »
A high severity SQL injection vulnerability has been patched in recent updates for Zoho ManageEngine products Password Manager Pro, PAM360, and Access Manager Plus. The software provider released a security advisory for this vulnerability where they advised customers of all three affected products to upgrade to the latest versions immediately due to the severity of
High Severity Vulnerability in ManageEngine Products Read More »
Endpoint detection and response (EDR) systems, and antivirus (AV) software, are used to increase the cybersecurity of a device. However, these security software solutions are now able to be exploited for their data deletion capabilities, effectively turning them into data wipers. Security researcher Or Yair at SafeBreach Labs discovered this capability alongside multiple zero-day vulnerabilities
Endpoint Detection Systems Used as Data Wipers Read More »
A critical zero-day vulnerability has been confirmed to be actively exploited by state-backed attackers to gain access to corporate networks. The National Security Agency (NSA), a branch of the US Government, have released a cybersecurity advisory to help organisations detect and mitigate attacks that exploit this vulnerability. Products affected by this flaw are Citrix ADC
Citrix Zero-Day Vulnerability Actively Exploited Read More »
A critical vulnerability in FortiOS SSL-VPN has been confirmed to be exploited in the wild by Fortinet. FortiGuard Labs, the threat and research branch of Fortinet, have published a security advisory this week warning users to immediately validate their systems against the list of indicators of compromise (IoC) which can be found in the security
Critical RCE Vulnerability Exploited in FortiOS Read More »
An update for NVIDIA GPU Display Driver was recently released, addressing 26 different security vulnerabilities, eight of which are considered high-severity flaws with a CVSS base score of between 7.1 and 8.8. Four vulnerabilities were also patched in the NVIDIA VGPU Software, 3 of which were also high-severity flaws. Last week, the Cisco Talos Intelligence
High Severity NVIDIA Driver Vulnerabilities Patched Read More »
Distributed Denial of Service (DDoS) attacks are on the rise, with the second half of 2021 showing a 43% increase in attacks since the first half of the same year. The Microsoft Digital Defence Report for 2022 shows that so far in 2022 Microsoft have mitigated nearly 2000 DDoS attacks each day. This report also
The Threat of Holiday DDoS Attacks Read More »
Three Android apps with over 2 million combined downloads have been found to have critical vulnerabilities that could result in remote code execution. These applications, Lazy Mouse, Telepad, and PC Keyboard, act as a remote keyboard or mouse for a desktop or laptop computer from the Android device they are installed on. Seven different vulnerabilities
Remote Code Execution Flaws in Keyboard Apps Read More »