Vulnerabilities Archives - Page 12 of 85

Experts released VMware vRealize Log RCE exploit for CVE-2022-31706

Issued by: Security Affairs

Last week, researchers from Horizon3’s Attack Team announced the release of PoC exploit code for remote code execution in VMware vRealize Log tracked as CVE-2022-31706 (CVSS base 9.8/10). The PoC exploit code will trigger a series of flaws in VMware vRealize Log to achieve remote code execution on vulnerable installs. VMware Aria Operations for Logs…

Vulnerabilities

QNAP addresses a critical flaw impacting its NAS devices

Issued by: Security Affairs

QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices. A remote attacker can exploit the vulnerability to inject malicious code on QNAP NAS devices. The flaw is easy to exploit without user interaction or privileges on the vulnerable device. The…

Vulnerabilities

How Noob Website Hackers Can Become Persistent Threats

Issued by: Dark Reading

Tracking malicious hackers’ early activities using open source intelligence can offer substantial clues about the likelihood of their becoming a persistent threat in the future, two university researchers claimed in a report this week. That knowledge can help guide early intervention efforts to nudge fledgling hackers off their criminal trajectories, they noted. Christian Howell, assistant…

Vulnerabilities

Critical Vulnerability Impacts Over 120 Lexmark Printers

Issued by: Security Week

The issue, tracked as CVE-2023-23560 (CVSS score of 9.0), is described as a server-side request forgery (SSRF) flaw in the Web Services feature of newer Lexmark devices, which could be exploited to execute arbitrary code. “Successful exploitation of this vulnerability can lead to an attacker being able to remotely execute arbitrary code on a device,”…

Vulnerabilities

Pakistan hit by nationwide power outage, is it the result of a cyber attack?

Issued by: Security Affairs

On Monday, a nationwide blackout in Pakistan left millions of people in the darkness, and the authorities are investigating if it was caused by a cyberattack. The power outage impacted all the major cities in Pakistan. The good news is that authorities were able to restore power across Pakistan within 24 hours. “Pakistan‘s energy minister…

Vulnerabilities

P-to-P fraud most concerning cyber threat in 2023: CSI

Issued by: CSO Online

US financial institutions see peer-to-peer fraud and other digital fraud as the biggest cybersecurity concern in 2023. It was cited by 29% of respondents in a survey by Computer Systems Inc. (CSI), followed by data breaches (23%), ransomware (20%) and a breach at a third party (15%). Industry respondents also expressed concerns over identity theft…

Vulnerabilities

Experts released PoC exploit for critical Zoho ManageEngine RCE flaw

Issued by: Security Affairs

The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The issue also impacts products that had the feature enabled in the past. The root cause of the problem is that ManageEngine products use an outdated third-party dependency, Apache Santuario. “This vulnerability…

Vulnerabilities

Critical bug in Cisco EoL Small Business Routers will receive no patch

Issued by: Security Affairs

Cisco is warning of a critical vulnerability, tracked as CVE-2023-20025 (CVSS score of 9.0), that impacts small business RV016, RV042, RV042G, and RV082 routers. The IT giant announced that these devices will receive no security updates to address the bug because they have reached end of life (EoL). The flaw is an authentication bypass issue…

Vulnerabilities

Synology fixes multiple critical vulnerabilities in its routers

Issued by: Security Affairs

Taiwanese NAS maker Synology published two new critical advisories in December. The first advisory is related to the most severe vulnerability addressed by the company, which is a critical out-of-bounds write issue, tracked as CVE-2022-43931 (CVSS3 Base Score10). The vulnerability resides in the Remote Desktop Functionality of Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635….