vulnerabilities Archives - Page 11 of 63

Engineering Workstations Used as Initial Access Vector in Many ICS/OT Attacks: Survey

Issued by: Security Week

The 2022 OT/ICS Cybersecurity Report (PDF) is based on a survey of 332 individuals representing organizations of all sizes across every continent. Less than 11% of respondents said they had experienced a cyber intrusion in the last year, down from 15% in 2021, and 24% were confident that their systems were not breached, up from…

Malware & Threats

VMware Warns of Exploit for Recent NSX-V Vulnerability

Issued by: Security Week

An end-of-life (EOL) product installed as a plug-in to VMware vCenter Server, NSX-V is a network virtualization solution offering networking and security functionality, including VPN, logical switching and routing, and more. The product is bundled within VMware Cloud Foundation. Last week, VMware announced the availability of patches for CVE-2021-39144 (CVSS score of 9.8), an RCE…

Application Security, Software Security

CNC Machines Vulnerable to Hijacking, Data Theft, Damaging Cyberattacks

Issued by: Security Week

Trend Micro is presenting the research this week at SecurityWeek’s 2022 ICS Cyber Security Conference in Atlanta, which can also be joined online via SecurityWeek’s virtual event platform. Registration for the event is still open. CNC machines can be programmed to carry out a wide range of tasks with a high level of efficiency, consistency…

Mobile Security

Apple Fixes Exploited Zero-Day With iOS 16.1 Patch

Issued by: Security Week

The Cupertino device maker confirmed the active exploitation of CVE-2022-42827, warning in a barebones advisory that the flaw exposes iPhones and iPads to arbitrary code execution attacks. “An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited,” Apple said…

Vulnerabilities

CISA Tells Organizations to Patch Linux Kernel Vulnerability Exploited by Malware

Issued by: Security Week

The vulnerability is tracked as CVE-2021-3493 and it’s related to the OverlayFS file system implementation in the Linux kernel. It allows an unprivileged local user to gain root privileges, but it only appears to affect Ubuntu. CVE-2021-3493 has been exploited in the wild by a stealthy Linux malware named Shikitega, which researchers at AT&T Alien…

Vulnerabilities

WordPress Security Update 6.0.3 Patches 16 Vulnerabilities

Issued by: Security Week

WordPress 6.0.3 fixes nine stored and reflected cross-site scripting (XSS) vulnerabilities, as well as open redirect, data exposure, cross-site request forgery (CSRF), and SQL injection flaws. WordPress security company Defiant has shared a description of each vulnerability. Four of them have a ‘high severity’ rating, and the rest have ‘medium’ or ‘low’ severity. “We have…

Vulnerabilities

Zoom for macOS Contains High-Risk Security Flaw

Issued by: Security Week

The vulnerability, which carries a CVSS severity score of 7.3/10, is documented as a debugging port misconfiguration that is opened by the Zoom client on macOS machines. Details from Zoom’s advisory: Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When…

Vulnerabilities

Flaw in Microsoft OME Could Lead to Leakage of Encrypted Data

Issued by: Security Week

Issues with ECB are not unknown. In its Announcement of Proposal to Revise Special Publication 800-38A, NIST wrote, “The ECB mode encrypts plaintext blocks independently, without randomization; therefore, the inspection of any two ciphertext blocks reveals whether or not the corresponding plaintext blocks are equal… the use of ECB to encrypt confidential information constitutes a…

Vulnerabilities

Chrome 106 Update Patches Several High-Severity Vulnerabilities

Issued by: Security Week

All the newly resolved vulnerabilities were discovered by external researchers and the internet giant has handed out $38,000 in bug bounty rewards to the reporters. Based on the bug bounty amounts that Google has paid out, the most severe of the newly addressed flaws is CVE-2022-3445, a use-after-free vulnerability in Skia, the open-source 2D graphics…

Vulnerabilities

Cisco Patches High-Severity Vulnerabilities in Communications, Networking Products

Issued by: Security Week

The company has informed customers that its Expressway series and TelePresence Video Communication Server software is affected by two high-severity vulnerabilities. One of them, tracked as CVE-2022-20814 and related to improper certificate validation, can allow a remote, unauthenticated attacker to access sensitive data through a man-in-the-middle attack. Successful exploitation of the flaw can result in…