Security News

Exploits imminent for critical VMware vCenter CVE-2021-22005 bug
2021-09-24 18:04

Exploit code that could be used to achieve remote code execution on VMware vCenter Server vulnerable to CVE-2021-22005 is currently spreading online. Publicly disclosed earlier this week when VMware also addressed it, the bug comes with a critical severity rating of 9.8 and a strong recommendation to install the available patch.

Exploit code released for three iOS 0-days that Apple failed to patch
2021-09-24 11:13

Proof-of-concept exploit code for three iOS zero-day vulnerabilities was published on GitHub after Apple delayed patching and failed to credit the researcher.The researcher who found the four zero-days reported them to Apple between March 10 and May 4.

Hacking group used ProxyLogon exploits to breach hotels worldwide
2021-09-23 19:50

A newly discovered cyberespionage group has been targeting hotels worldwide around the world since at least 2019, as well as higher-profile targets such as governments, international organizations, law firms, and engineering companies. Slovakian internet security firm ESET spotted the hacking group and described it as an "Advanced persistent threat."

Cring Ransomware Gang Exploits 11-Year-Old ColdFusion Bug
2021-09-21 06:00

Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe's ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target's network 79 hours after the hack. "Devices running vulnerable, outdated software are low-hanging-fruit for cyberattackers looking for an easy way into a target," Sophos principal researcher Andrew Brandt said.

Zero-Click iMessage Exploit
2021-09-17 11:09

Citizen Lab released a report on a zero-click iMessage exploit that is used in NSO Group’s Pegasus spyware. Apple patched the vulnerability; everyone needs to update their OS immediately. News...

Windows MSHTML zero-day exploits shared on hacking forums
2021-09-12 17:07

Threat actors are sharing Windows MSHTML zero-day tutorials and exploits on hacking forums, allowing other hackers to start exploiting the new vulnerability in their own attacks. Last Tuesday, Microsoft disclosed a new zero-day vulnerability in Windows MSHTML that allows threat actors to create malicious documents, including Office and RTF docs, to execute commands on a victim's computer remotely.

Patch now? Why enterprise exploits are still partying like it's 1999
2021-09-08 09:13

Eoin Keary, CEO and founder of Edgescan, told The Register that the oldest common vulnerability discovered in its latest quarterly vulnerability scans report dated back to 1999. Before we look at the why, let's explore some of the what: the old vulnerabilities that are still being used in very real world enterprise attacks to this day.

Cisco Issues Patch for Critical Enterprise NFVIS Flaw — PoC Exploit Available
2021-09-04 00:07

Cisco has patched a critical security vulnerability impacting its Enterprise Network Function Virtualization Infrastructure Software that could be exploited by an attacker to take control of an affected system. The network equipment maker said it's aware of a publicly available proof-of-concept exploit code targeting the vulnerability, but added it's not detected any successful weaponization attempts in the wild.

Conti ransomware now hacking Exchange servers with ProxyShell exploits
2021-09-03 13:21

The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits. ProxyShell is the name of an exploit utilizing three chained Microsoft Exchange vulnerabilities that allow unauthenticated, remote code execution on unpatched vulnerable servers.

Patched: Critical bug with public PoC exploit in Cisco infrastructure virtualization software (CVE-2021-34746)
2021-09-03 09:23

A critical vulnerability that affects Cisco Enterprise NFV Infrastructure Software has been patched and Cisco is urging enterprise admins to quickly upgrade to a fixed version, as proof-of-concept exploit code is already available. The bug could be exploited by remote attackers to bypass authentication and log in to an affected device as an administrator.