In a world increasingly dependent on technology, software sprawl is growing. Companies use custom-built software, open source software, and products from third-party providers when building applications. Through this software supply chain, the digital attack surface expands. Each software dependency can also open it up to potential attack as bugs are found in all types of…

The July 2022 Patch Tuesday is upon us and has brought fixes for 84 CVEs in various Microsoft products, including an actively exploited zero-day: CVE-2022-22047, an elevation of privilege bug in Windows’ Client/Server Runtime Subsystem (CSRSS). “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft noted, but the attacker must first gain…

Titaniam, Inc., the industry’s most advanced data security platform, announced today the ‘State of Data Exfiltration & Extortion Report.’ The survey revealed that while over 70% of organizations have an existing set of prevention, detection, and backup solutions, nearly 40% of organizations have been hit with ransomware attacks in the last year, and more than…

Attackers once focused on exploiting ProxyLogon Microsoft Exchange server vulnerabilities have made a pivot to the new SessionManager backdoor, which can be used to gain persistent, undetected access to emails — and even take over the target organization’s infrastructure. Researchers from Kaspersky today report the emergence of SessionManager, which they say is part of a…

The 2022 CWE Top 25 Most Dangerous Software Weaknesses list contains the most common and impactful weaknesses, and is based on the analysis of nearly 38,000 CVE records from the previous two years. Out-of-bounds write and cross-site scripting (XSS) remain the two most dangerous vulnerabilities. Some of the most significant changes include race conditions moving…

Researchers have discovered a denial-of-service (DoS) vulnerability in Envoy Proxy, which gives attackers the opportunity to crash the proxy server. This could lead to performance degradation or unavailability of resources handled by the proxy, according to JFrog Security Research, which disclosed the vulnerability (CVE-2022-29225). Envoy is a widely used open source edge and service proxy…

CyberCatch today announced the publication of its quarterly Small and Medium-Sized Businesses Vulnerabilities Report (SMBVR) for Q1 2022 to alert small and medium-sized businesses (SMBs) to an alarming rise in vulnerabilities detected in Internet-facing websites, servers and applications. Of greatest concern, CyberCatch’s SMBVR has detected – for the first time in the report’s history –…