All posts in security vulnerability
24 Oct, 2023
Cisco, cisco ios xe, cisco threat intelligence, fox-it, hardware, horizon3.ai, International, networking, Security, Security News, security patch, security vulnerability, software
The vulnerabilities, one of which was rated critical and one of which was rated highly severe, affect Cisco IOS XE software. Cisco has patched two zero-day vulnerabilities that exposed Cisco IOS XE system software hosts to attackers. These vulnerabilities affected devices running the Cisco IOS XE software, . . .
29 Sep, 2023
google, Google Chrome, International, libvpx, Microsoft, Microsoft Edge, mozilla firefox, Security, Security News, security vulnerability, software, webp
Google and Mozilla have patched the zero-day vulnerability, which originates in the libvpx library. Google and Mozilla have patched a zero-day exploit in Chrome and Firefox, respectively. The zero-day exploit was being used by a commercial spyware vendor. The zero-day exploit could leave users open to a . . .
11 Dec, 2020
botnet, Cloud Security, cryptomining, CVE-2019-9193, database servers, Linux, Malware, Malware analysis, Monero, Palo Alto, PGMiner, PostgreSQL, RCE, remote code execution, Security News, security vulnerability, Unit 42, Vulnerabilities
The malware takes aim at PostgreSQL database servers with never-before-seen techniques. An innovative Linux-based cryptocurrency mining botnet has been uncovered, which exploits a disputed PostgreSQL remote code-execution (RCE) vulnerability to compromise database servers. The malware is unusual and completely novel in a host of ways, researchers said. According to researchers . . .
08 Dec, 2020
big, cisa alert, Critical Infrastructure, cybermdx, default credentials, Device security, GE Healthcare, Healthcare, Hospitals, IoT, medical devices, medical imaging, mri machines, Privacy, radiological devices, remote code execution, Security News, security vulnerability, unpatched, Vulnerabilities
A CISA alert is flagging a critical default credentials issue that affects 100+ types of devices found in hospitals, from MRI machines to surgical imaging.
04 Dec, 2020
cisa alert, Command injection, critical, CVE-2020-4006, Cybersecurity, NSA, patch, privilege escalation, security advisory, Security News, security vulnerability, severity rating, vmware, Vulnerabilities, workaround, zero day
VMware has issued a full patch and revised the severity level of the NSA-reported vulnerability to “important.” VMware has patched a zero-day bug that was disclosed in late November – an escalation-of-privileges flaw that impacts Workspace One and other platforms, for both Windows and Linux operating systems. VMware has also . . .
01 Dec, 2020
Amazon AWS S3 bucket, Azure blob, Breach, cayman islands, Cloud misconfiguration, Cloud Security, data leak, investment firm, Microsoft Azure Blob, offshore banking, personal information, Privacy, Security News, security vulnerability, Vulnerabilities
An offshore Cayman Islands bank’s backups, covering a $500 million investment portfolio, were left unsecured and leaking personal banking information, passport data and even online banking PINs.
24 Nov, 2020
Backdoor, Blackrota, docker flaw, Docker Remote API, EKANS ransomware, ELF, go language, gobfuscate, golang, honeypot, Malware, obfuscation, reverse analysis, Security News, security vulnerability, Snake, unauthorized access
Blackrota is targeting a security bug in Docker, but is nearly impossible to reverse-analyze.
23 Nov, 2020
0-day, Cloud Security, Command injection, CVE-2020-4006, privilege escalation, Security News, security vulnerability, VMware Identity Manager, VMware Workspace One Access, vmware zero-day, Vulnerabilities, zero day
VMware explained it has no patch for a critical escalation-of-privileges bug that impacts both Windows and Linux operating systems and its Workspace One. The U.S. Cybersecurity and Infrastructure Security Agency is warning of a zero-day bug affecting six VMware products including its Workspace One, Identity Manager and vRealize Suite Lifecycle . . .
19 Nov, 2020
bug hunter, contact tracing, contact tracing app, Corona Warn App, COVID-19, CWA, Data Privacy, Germany, github, java bean validation, Open Source, rce flaw, remote code execution, Security News, security vulnerability, Vulnerabilities, Web Security
Bug hunters at GitHub Security Labs help shore up German contact tracing app security, crediting open source collaboration. A security vulnerability in the infrastructure underlying Germany’s official COVID-19 contact-tracing app, called the Corona-Warn-App (CWA), would have allowed pre-authenticated remote code execution (RCE). Researcher Alvaro Muñoz wrote in a report this . . .
19 Nov, 2020
Android, go sms pro, google play, information disclosure, media content exposure, mobile messaging app, Mobile Security, patch, predictable URLs, Privacy, private photos, Security News, security vulnerability, Trustwave SpiderLabs, Vulnerabilities, Web Security
The vulnerable version of the app, which has 100 million users, uses easily predictable URLs to link to private content. A security weakness discovered in the GO SMS Pro Android app can be exploited to publicly expose media sent using the app, according to researchers. The GO SMS Pro application . . .