+44 (0)203 88 020 88

Menu

Search

cyber security news

PaperCut Flaw Allows RCE on Windows Servers

A critical severity flaw in PaperCut NG and PaperCut MF print management applications that can allow unauthenticated attackers to perform remote code execution (RCE) on vulnerable Windows servers. Any use of the affected PaperCut software prior to version 22.1.3 on Windows that is exposed to the internet is vulnerable to exploitation. For the best security, […]

PaperCut Flaw Allows RCE on Windows Servers Read More »

Canon Printers Retain Wi-Fi Information After Wipe

Canon Inkjet printers have been found to retain sensitive Wi-Fi information after the usual wipe that is performed in the initialisation process. Canon have released a security advisory to warn their customers that information that can be used to connect to previously connected Wi-Fi is kept within the memory of the Wi-Fi connection settings, and

Canon Printers Retain Wi-Fi Information After Wipe Read More »

Ivanti Patch Actively Exploited EPMM Zero-Day Flaw

An actively exploited vulnerability has been patched in that latest updates for Ivanti Endpoint Manager Mobile (EPMM), previously known as MobileIron Core. This zero-day flaw affects all supported versions of this mobile device management software, as well as some older release versions before EPMM 11.8.1.0 that are no longer managed by the developers. Ivanti have

Ivanti Patch Actively Exploited EPMM Zero-Day Flaw Read More »

Unpatched Redis Servers Targeted by P2P Malware

A peer-to-peer (P2P) worm known as P2PInfect has been discovered by security researchers at Unit42 to be actively targeting Windows and Linux based Redis servers. Redis is an open-source database application used in cloud environments. This Rust-based worm targets publicly communicating internet-exposed cloud-based servers by exploiting a flaw that is over a year old. There

Unpatched Redis Servers Targeted by P2P Malware Read More »

Adobe ColdFusion Attack Chain Actively Exploited

Adobe ColdFusion vulnerabilities are being actively exploited by attackers to bypass authentication and execute remote commands to create a webshell on the vulnerable endpoint. ColdFusion is an Adobe product for web developers providing cloud based coding environments to build apps. Researchers at Rapid7 discovered an improper access control vulnerability in Adobe ColdFusion 2018, 2021, and

Adobe ColdFusion Attack Chain Actively Exploited Read More »

MITRE’s Top 25 Most Dangerous CWEs for 2023

A list of the top 25 most dangerous common weakness enumeration (CWE) software weaknesses for 2023 has been compiled by MITRE to inform people of the “most common and impactful” vulnerabilities and weaknesses affecting software over the past two years. This list was created using CVE data from the National Institute of Standards and Technology

MITRE’s Top 25 Most Dangerous CWEs for 2023 Read More »

Mastodon Patch High and Critical Vulnerabilities

Open-source social network Mastodon has needed to address one high severity and two critical severity vulnerabilities affecting their platform and servers, as well as one moderate severity flaw. Security advisories released by Mastodon explain that these vulnerabilities were discovered by auditors at Cure53 during a code review they were completing on behalf of Mozilla.   The

Mastodon Patch High and Critical Vulnerabilities Read More »

Android July Update Patches Actively Exploited Flaws

The new Android security update for this month has fixed a total of 46 vulnerabilities, three of which are thought to be actively exploited in what Android describe as “limited, targeted” attacks. Two security patch levels have been released, 2023-07-01, which addresses all issues within this security patch level for the system and framework as

Android July Update Patches Actively Exploited Flaws Read More »

0

No products in the basket.

No products in the basket.