Last week, researchers from Horizon3’s Attack Team announced the release of PoC exploit code for remote code execution in VMware vRealize Log tracked as CVE-2022-31706 (CVSS base 9.8/10). The PoC exploit code will trigger a series of flaws in VMware vRealize Log to achieve remote code execution on vulnerable installs. VMware Aria Operations for Logs…
We’ve recently seen substantial layoffs across the tech sector, to the tune of around 140,000 redundancies made by big names such as Amazon, Salesforce, Microsoft, and Tesla. As the recession bites, falling stock prices and further contraction in the market, together with merger and acquisition activity, are expected to force businesses to reduce head count…
SysKit, a SaaS software company, has published a report on the effects of digital transformation on IT admins and the current governance landscape. The survey found that 40% of companies experienced a data leak in the previous year, which can have severe consequences on an organization’s efficiency and result in large fines, downtime, and loss…
QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices. A remote attacker can exploit the vulnerability to inject malicious code on QNAP NAS devices. The flaw is easy to exploit without user interaction or privileges on the vulnerable device. The…
U.S. government and industry authorities are warning the healthcare sector of a surge in distributed-denial-of-service attacks in recent days against hospitals and other medical entities instigated by Russian nuisance hacking group KillNet. The American Hospital Association on Monday issued an alert for its members based on a warning also issued Monday by the Department of…
A wealthy Russian businessman and associates made tens of millions of dollars by cheating the stock market in an elaborate scheme that involved hacking into U.S. computer networks to steal insider information about companies such as Microsoft and Tesla, a prosecutor told jurors on Monday. Vladislav Klyushin, the owner of a Moscow-based information technology company with…
Tracking malicious hackers’ early activities using open source intelligence can offer substantial clues about the likelihood of their becoming a persistent threat in the future, two university researchers claimed in a report this week. That knowledge can help guide early intervention efforts to nudge fledgling hackers off their criminal trajectories, they noted. Christian Howell, assistant…
The issue, tracked as CVE-2023-23560 (CVSS score of 9.0), is described as a server-side request forgery (SSRF) flaw in the Web Services feature of newer Lexmark devices, which could be exploited to execute arbitrary code. “Successful exploitation of this vulnerability can lead to an attacker being able to remotely execute arbitrary code on a device,”…
At the end of November 2022, the Amsterdam police arrested a 25-year-old man from Almere who is suspected of having stolen or traded the personal data of tens of millions of people around the world. The investigation into the activity of the man was launched by the Austrian Federal Criminal Investigation Service which spotted the…
In 2022, we saw broad support behind federal privacy legislation in the US Congress. While the American Data Privacy Protection Act (ADPPA) did not see the president’s pen prior to the midterms, the fact that such a bill saw a committee vote in the House — approved 53–2, with bipartisan support — and both industry…