Vulnerabilities Archives - Page 32 of 85

Continuous Updates: Everything You Need to Know About the Kaseya Ransomware Attack

Issued by: Security Week

The attack appears to impact tens of Kaseya customers and hundreds of downstream businesses. The cybercrime group that launched the attack used the ransomware to encrypt files on compromised systems and they are hoping to earn tens of millions of dollars as a result. SecurityWeek is covering all the new information that emerges and here…

Vulnerabilities

Researcher Describes Potential Impact of Recently Patched SonicWall NSM Flaw

Issued by: Security Week

NSM is a firewall management application that provides the ability to monitor and manage all network security services from a single interface, as well as to automate tasks to improve security operations. The product is available for on-premises deployments or as a SaaS offering. Tracked as CVE-2021-20026 and featuring a CVSS score of 8.8, the…

Vulnerabilities

Microsoft Confirms ‘PrintNightmare’ is New Windows Security Flaw

Issued by: Security Week

Microsoft’s confirmation of a new, unpatched Windows Print Spooler bug comes days after researchers noticed that published proof-of-concept code for a different vulnerability was reliably exploiting fully patched Windows machines. Microsoft’s own misdiagnosis of a Print Spooler flaw that was just patched in June this year also added to the confusion. In a pre-patch advisory…

Vulnerabilities

XSS Vulnerability in Cisco Security Products Exploited in the Wild

Issued by: Security Week

Reports of in-the-wild exploitation emerged shortly after cybersecurity firm Positive Technologies released a proof-of-concept (PoC) exploit for the vulnerability tracked as CVE-2020-3580. Others also released PoC exploits shortly after. CVE-2020-3580 is one of the several XSS vulnerabilities patched in October 2020 by Cisco in its ASA and FTD products. Some of these flaws were reported…

Vulnerabilities

Old Vulnerability Exploited to Hack, Wipe WD Storage Devices

Issued by: Security Week

Victims said a factory reset had been initiated on their device, which resulted in all files being erased. Some users reported losing very important data. WD NAS device vulnerability exploitedOne post on the WD Community forum received more than 160 replies and it has been viewed nearly 15,000 times in just over 24 hours. A…

Vulnerabilities

UK Law Firm Gateley Discloses Data Breach

Issued by: Security Week

Gateley, which is listed on the London Stock Exchange (GTLY), said its IT team detected a breach from a “now known external source.” The firm took some systems offline after the intrusion was discovered, but said it quickly restored core systems. Based on the information collected by the company to date, it believes the impact…

Vulnerabilities

Reality Winner, NSA Contractor in Leak Case, Out of Prison

Issued by: Security Week

Reality Winner, 29, has been moved to home confinement and remains in the custody of the federal Bureau of Prisons, the person said. The person could not discuss the matter publicly and spoke to the AP on condition of anonymity. She pleaded guilty in 2018 to a single count of transmitting national security information. Winner…

Vulnerabilities

GitHub Discloses Details of Easy-to-Exploit Linux Vulnerability

Issued by: Security Week

The flaw, classified as high severity and tracked as CVE-2021-3560, impacts polkit, an authorization service that is present by default in many Linux distributions. The security hole was discovered by Kevin Backhouse of the GitHub Security Lab. On Thursday, the researcher published a blog post detailing his findings, as well as a video showing the…

Vulnerabilities

Google Patches Chrome Zero-Day Used by Commercial Exploit Company

Issued by: Security Week

Ten of the issues were reported by external security researchers: one rated critical severity, seven high severity, and two medium severity. All are patched in Chrome 91.0.4472.101 for Windows, Mac and Linux. The most severe of these is CVE-2021-30544, a critical use-after-free bug that impacts BFCache, a browser optimization meant to enable instant back and…

Vulnerabilities

Intel Releases 29 Advisories to Describe 73 Vulnerabilities Affecting Its Products

Issued by: Security Week

According to Intel, more than half of the bugs were discovered internally and 40% were reported through its bug bounty program. The newly addressed issues represent more than half of the 132 potential vulnerabilities the company patched since the beginning of 2021 — 56 of them in graphics, networking, and Bluetooth components. The most severe…