Vulnerabilities Archives - Page 24 of 85

Details Disclosed for Recent Vulnerabilities in SonicWall Remote Access Appliances

Issued by: Security Week

The impacted devices include the SMA 200, 210, 400, 410, and 500 edge network access control systems that have the Web Application Firewall (WAF) enabled. The most severe of these vulnerabilities is CVE-2021-20038 (CVSS score of 9.8), an unauthenticated stack-based buffer overflow that could lead to remote code execution (RCE) as the ‘nobody’ user. “The…

Vulnerabilities

Adobe Patches Reader Flaws That Earned Hackers $150,000 at Chinese Contest

Issued by: Security Week

Of the 26 security holes fixed in the Windows and macOS versions of Acrobat and Reader, 16 have been assigned a “critical” severity rating (high severity based on their CVSS score), and a majority are memory-related issues that can be exploited for arbitrary code execution. Four of these critical vulnerabilities — CVE-2021-44704 through CVE-2021-44707 —…

Application Security, Cloud Security, Vulnerabilities

VMware Plugs Security Holes in Workstation, Fusion and ESXi

Issued by: Security Week

Tracked as CVE-2021-22045 (CVSS score of 7.7), the security vulnerability exists in the CD-ROM device emulation function of Workstation, Fusion and ESXi. In an advisory, VMWare said the security defect could be exploited by attackers with access to a virtual machine that has CD-ROM device emulation enabled. An attacker capable of combining the security error…

Vulnerabilities

Chinese Spies Exploit Log4Shell to Hack Major Academic Institution

Issued by: Security Week

Tracked as CVE 2021-44228 and also referred to as Log4Shell and LogJam, the security hole affects the Apache Log4j Java logging framework and has been exploited in targeted attacks since early December. As part of a recent campaign, the OverWatch security researchers observed Aquatic Panda leveraging a modified version of the Log4j exploit for initial…

Vulnerabilities

Albanian Prime Minister Apologizes Over Database Leak

Issued by: Security Week

A file containing the personal identity card numbers, employment and salary data of some 637,000 people became public this week and was widely shared through messaging apps. Prime Minister Edi Rama said the leak is being investigated. “According to a preliminary analysis, it looks more like an internal infiltration rather than an outside … cyber-attack,”…

Vulnerabilities

New Flaws Expose EVlink Electric Vehicle Charging Stations to Remote Hacking

Issued by: Security Week

Schneider announced the availability of patches on December 14, when it urged customers to immediately apply patches or mitigations. The flaws have been found to impact EVlink City (EVC1S22P4 and EVC1S7P4), Parking (EVW2, EVF2 and EVP2PE) and Smart Wallbox (EVB1A) devices, as well as some products that have reached end of life. The vendor has…

Vulnerabilities

400,000 Individuals Affected by Email Breach at West Virginia Healthcare Company

Issued by: Security Week

Mon Health says it became aware of the intrusion on July 28, when a vendor notified it of a payment that had not come through. An investigation launched into the matter revealed that adversaries likely had unauthorized access to the email system between May 10 and August 15, 2021. As part of the incident, cybercriminals…

Vulnerabilities

Log4Shell is a dumpster fire that should have been avoided

Issued by: Help Net Security

On Thursday, December 9, 2021, my young, Minecraft-addicted kids were still completely oblivious of the Log4j vulnerabilities in their favorite game. Then again, so was every cybersecurity professional in the world. That all changed when the Apache Log4j project announced CVE-2021-44228 (aka Log4Shell) – a zero-day vulnerability in Log4j’s standardized method of handling log files…

Vulnerabilities

Corellium Lands $25 Million Investment for Virtualization Tech

Issued by: Security Week

Corellium, a Florida-based company with its roots in the iPhone jailbreaking community, said the $25 million Series A also included investments from Cisco investments and other strategic investors. Corellium LogoThe money comes exactly a year after a federal judge dismissed Apple’s copyright lawsuit against Corellium and the two sides reached a settlement on another matter…

Vulnerabilities

Facebook Will Reward Researchers for Reporting Scraping Bugs

Issued by: Security Week

As part of its bug bounty program, the company will pay monetary rewards to security researchers who discover flaws that allow attackers to bypass existing scraping limitations and gain access to data at scale. Scrapers – including malicious apps, scripts, and websites – constantly adapt to evade detection, and Facebook says it is seeking ways…