vulnerability Archives - Page 8 of 24

Microsoft Patches ‘Dangerous’ RCE Flaw in Azure Cloud Service

Issued by: Dark Reading

Microsoft has patched what researchers called a “dangerous” flaw in its Azure Service Fabric component of the company’s cloud-hosting infrastructure. If exploited, it would have allowed an unauthenticated, malicious actor to execute code on a container hosted on the platform. Researchers from Orca Security discovered the cross-site scripting (XSS) flaw — which they dubbed Super…

Vulnerabilities

DC Health Link Facing Lawsuits in Hack Affecting Congress

Issued by: DataBreach Today

The online health insurance marketplace servicing residents of Washington, D.C., and staffers and members of the U.S. Congress is facing two proposed class action lawsuits in the aftermath of a hacking incident that affected at least 56,400 individuals. Some of the data stolen in the incident was posted for sale on the dark web earlier…

Malware & Threats

Chinese Hackers Targeting Security and Network Appliances

Issued by: DataBreach Today

Chinese threat actors are turning security appliances into penetration pathways, forcing firewall maker Fortinet to again attempt to fend off hackers with a patch. Researchers from Mandiant say suspected Beijing hackers it tracks as UNC3886 has been targeting chip-based firewall and virtualization boxes. The group, it said in a Thursday blog post, exploited a now-patched…

Vulnerabilities

EV Charging Infrastructure Offers an Electric Cyberattack Opportunity

Issued by: Dark Reading

As electric vehicle (EV) charging infrastructure rushes to keep pace with the dramatic rise in sales of electric vehicles in the United States, cyberattackers and security researchers alike have already started focusing on security weaknesses in the infrastructure. In February, researchers with energy-network cybersecurity firm Saiflow discovered two vulnerabilities in the Open Charge Point Protocol…

Vulnerabilities

Companies urged to patch critical vulnerability in Fortinet FortiNAC

Issued by: CSO Online

Proof-of-concept exploit code is now available for a critical vulnerability in Fortinet FortiNAC appliances and attackers have already started using it in the wild. Users are advised to patch their systems as soon as possible. FortiNAC is a zero-trust network access solution that can be deployed both as a hardware device or as a virtual…

Vulnerabilities

Experts released VMware vRealize Log RCE exploit for CVE-2022-31706

Issued by: Security Affairs

Last week, researchers from Horizon3’s Attack Team announced the release of PoC exploit code for remote code execution in VMware vRealize Log tracked as CVE-2022-31706 (CVSS base 9.8/10). The PoC exploit code will trigger a series of flaws in VMware vRealize Log to achieve remote code execution on vulnerable installs. VMware Aria Operations for Logs…

Vulnerabilities

Critical Vulnerability Impacts Over 120 Lexmark Printers

Issued by: Security Week

The issue, tracked as CVE-2023-23560 (CVSS score of 9.0), is described as a server-side request forgery (SSRF) flaw in the Web Services feature of newer Lexmark devices, which could be exploited to execute arbitrary code. “Successful exploitation of this vulnerability can lead to an attacker being able to remotely execute arbitrary code on a device,”…

Vulnerabilities

Critical bug in Cisco EoL Small Business Routers will receive no patch

Issued by: Security Affairs

Cisco is warning of a critical vulnerability, tracked as CVE-2023-20025 (CVSS score of 9.0), that impacts small business RV016, RV042, RV042G, and RV082 routers. The IT giant announced that these devices will receive no security updates to address the bug because they have reached end of life (EoL). The flaw is an authentication bypass issue…

Vulnerabilities

Open source vulnerabilities add to security debt

Issued by: Help Net Security

The number of open source vulnerabilities that Mend identified and added to its vulnerability database in the first nine months of 2022 was 33 percent greater than the first nine months of 2021, reflecting both the growth in the number of published open-source packages and the acceleration of vulnerabilities. As businesses continue to heavily rely…

Malware & Threats

A year later, Log4Shell still lingers

Issued by: Help Net Security

72% of organizations remain vulnerable to the Log4Shell vulnerability as of October 1, 2022, Tenable‘s latest telemetry study has revealed, based on data collected from over 500 million tests. A vulnerability that’s difficult to eradicate When Log4Shell was discovered in December 2021, organizations around the world scrambled to determine their risk. In the weeks following…