This is the 16th documented in-the-wild zero-day exploitation of security defects in Apple’s iOS and macOS platforms so far this year. “Apple is aware of reports that an exploit for this issue exists in the wild,” the company said without elaborating. No other details of IOCs (indicators of compromise) were provided. The Cupertino, Calif. software…

Over 70% of the severe bugs identified last year in Chrome were memory safety issues, namely “mistakes with pointers in the C or C++ languages,” and Google decided to tackle the problem before it becomes even more serious. Of the potential solutions, the Internet search giant decided to focus on two, namely introducing runtime checks…

Tracked as CVE-2021-40539 and rated critical severity (CVSS score of 9.8), the vulnerability has been exploited since August 2021 to execute code remotely and take over vulnerable systems. Affecting the representational state transfer (REST) application programming interface (API) URLs of the self-service password management and single sign-on solution, the issue is an authentication bypass bug…

Microsoft’s guidance was published just as researchers noticed that one of the vulnerabilities is already being exploited in the wild. It appears that the Mirai botnet is attempting to compromise vulnerable systems and that it also closes port 5896 (OMI SSL port) to keep other attackers out. An open-source Web-Based Enterprise Management (WBEM) implementation, OMI…

News has surfaced of a rather dangerous practice in Microsoft Azure, whereby when a user creates a Linux virtual machine and enables certain Azure services, the Azure platform automatically installs the Open Management Infrastructure (OMI) agent on the machine. The user won’t know it. Although a stealth installation might sound terrible on its face, this…

Siemens has released 21 new advisories and updated 25 previously published advisories. The new advisories cover 36 vulnerabilities, including five that have been assigned a critical severity rating. One of the critical flaws, with a CVSS score of 10, impacts the Desigo CC building management platform and the Cerberus danger management station (DMS). The…

The most important of the newly released security notes patches a missing authorization check in SAP NetWeaver Application Server for Java. Tracked as CVE-2021-37535, the vulnerability has a CVSS score of 10. Two other critical vulnerabilities (CVSS score of 9.9) were addressed with Hot News security notes for NetWeaver. These include CVE-2021-38163, an unrestricted file…

Users have been informed that the latest update includes three security fixes, including for a data exposure flaw related to the REST API, and a cross-site scripting (XSS) issue in the block editor. WordPress 5.8.1 also updates Lodash, a JavaScript library that provides utility functions for common programming tasks, to address security issues. These vulnerabilities…