Security Research Archives - Cyber Security Minute

Experts released VMware vRealize Log RCE exploit for CVE-2022-31706

Issued by: Security Affairs

Last week, researchers from Horizon3’s Attack Team announced the release of PoC exploit code for remote code execution in VMware vRealize Log tracked as CVE-2022-31706 (CVSS base 9.8/10). The PoC exploit code will trigger a series of flaws in VMware vRealize Log to achieve remote code execution on vulnerable installs. VMware Aria Operations for Logs…

Cloud Security

devOcean Emerges From Stealth With Cloud-Native Security Operations Platform

Issued by: Security Week

The Israel-based startup was founded in 2021 by former CyberArk GMs of security research and innovation, Doron Naim and Gil Makmel, who now serve as CEO and CTO, respectively. At the moment, the company has 15 employees. devOcean says its Security-as-a-Service (SaaS) platform collects insights from all cloud and security tools to provide information on…

Vulnerabilities

Potential RCE Flaw Patched in PyPI’s GitHub Repository

Issued by: Security Week

On Friday, security researcher RyotaK published information on three vulnerabilities in PyPI, one of which could potentially lead to the compromise of the entire PyPI ecosystem. Python Package Index (PyPI) is the official third-party software repository for the Python programming language, with some package managers using it as the default source for packages and dependencies….

Vulnerabilities

Google Patches Chrome Zero-Day Used by Commercial Exploit Company

Issued by: Security Week

Ten of the issues were reported by external security researchers: one rated critical severity, seven high severity, and two medium severity. All are patched in Chrome 91.0.4472.101 for Windows, Mac and Linux. The most severe of these is CVE-2021-30544, a critical use-after-free bug that impacts BFCache, a browser optimization meant to enable instant back and…

Malware & Threats

Cybersecurity Community Unhappy With GitHub’s Proposed Policy Updates

Issued by: Security Week

The community has been asked to provide feedback until June 1 on proposed clarifications regarding exploits and malware hosted on GitHub. “Our policy updates focus on the difference between actively harmful content, which is not allowed on the platform, and at-rest code in support of security research, which is welcome and encouraged. These updates also…

Malware & Threats

Ransomware Took Heavy Toll on US in 2020: Researchers

Issued by: Security Week

The study released Monday by the security firm Emsisoft said ransomware attacks — which encrypt and disable computer systems while demanding a ransom — affected 113 federal, state and municipal governments, 560 health facilities and 1,681 schools, colleges and universities last year. “The attacks caused significant, and sometimes life-threatening, disruption: ambulances carrying emergency patients had…

Vulnerabilities

Cisco Webex Vulnerability Allows Ghost Access to Meetings

Issued by: Security Week

Identified by IBM’s security researchers, the Webex flaws could allow attackers to join meetings as ghosts (without being seen by other participants), remain in the meeting as a ghost after being expelled, and access information on meeting attendees (names, email addresses and IP addresses). Tracked as CVE-2020-3419, the first of the issues impacts both Webex…

Vulnerabilities

Serious Vulnerabilities Patched in Chrome, Firefox

Issued by: Security Week

Google included a total of 32 security fixes in Chrome 81, which was finally promoted to the stable channel, after the current COVID-19 pandemic forced the Internet giant to delay stable releases and roll back some of the recently introduced protections in Chrome. Twenty-three of the patches fix vulnerabilities reported by external security researchers, including…