Security News

Exploit released for critical VMware RCE vulnerability, patch now
2022-10-28 15:34

Proof-of-concept exploit code is now available for a pre-authentication remote code execution vulnerability allowing attackers to execute arbitrary code remotely with root privileges on unpatched Cloud Foundation and NSX Manager appliances. The flaw is in the XStream open-source library used by the two VMware products and was assigned an almost maximum CVSSv3 base score of 9.8/10 by VMware.

Google Issues Urgent Chrome Update to Patch Actively Exploited Zero-Day Vulnerability
2022-10-28 10:40

Google on Thursday rolled out emergency fixes to contain an actively exploited zero-day flaw in its Chrome web browser. The vulnerability, tracked as CVE-2022-3723, has been described as a type confusion flaw in the V8 JavaScript engine.

VMware Releases Patch for Critical RCE Flaw in Cloud Foundation Platform
2022-10-26 04:24

VMware on Tuesday shipped security updates to address a critical security flaw in its VMware Cloud Foundation product. "Due to an unauthenticated endpoint that leverages XStream for input serialization in VMware Cloud Foundation, a malicious actor can get remote code execution in the context of 'root' on the appliance," the company said in an advisory.

Cisco warns admins to patch AnyConnect flaws exploited in attacks
2022-10-25 20:55

Cisco warned customers today that two security vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows are being exploited in the wild. [...]

Cisco warns admins to patch AnyConnect flaw exploited in attacks
2022-10-25 20:55

Cisco warned customers today that two security vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows are being exploited in the wild. The AnyConnect Secure Mobility Client simplifies secure enterprise endpoint access and enables employees to work from anywhere while connected to a secure Virtual Private Network through Secure Sockets Layer and IPsec IKEv2.

Apple Releases Patch for New Actively Exploited iOS and iPadOS Zero-Day Vulnerability
2022-10-25 03:35

Tech giant Apple on Monday rolled out updates to remediate a zero-day flaw in iOS and iPadOS that it said has been actively exploited in the wild. The iPhone maker said it addressed the bug with improved bounds checking, while crediting an anonymous researcher for reporting the vulnerability.

Apache Commons Text RCE flaw — Keep calm and patch away
2022-10-19 14:13

A remote code execution flaw in the open-source Apache Commons Text library has some people worried that it could turn into the next Log4Shell. However, most cybersecurity researchers say it is...

Windows Mark of the Web bypass zero-day gets unofficial patch
2022-10-17 18:14

A free unofficial patch has been released through the 0patch platform to address an actively exploited zero-day flaw in the Windows Mark of the Web security mechanism. Windows automatically adds MotW flags to all documents and executables downloaded from untrusted sources, including files extracted from downloaded ZIP archives, using a special 'Zone.Id' alternate data stream.

Zimbra Releases Patch for Actively Exploited Vulnerability in its Collaboration Suite
2022-10-17 09:50

Zimbra has released patches to contain an actively exploited security flaw in its enterprise collaboration suite that could be leveraged to upload arbitrary files to vulnerable instances. Tracked as CVE-2022-41352, the issue affects a component of the Zimbra suite called Amavis, an open source content filter, and more specifically, the cpio utility it uses to scan and extract archives.

Fortinet urges admins to patch bug with public exploit immediately
2022-10-15 15:05

Fortinet urges customers to urgently patch their appliances against a critical authentication bypass FortiOS, FortiProxy, and FortiSwitchManager vulnerability exploited in attacks. The company released security updates to address the flaw last week and it also advised customers in private alerts to disable remote management user interfaces on affected devices "With the utmost urgency" to block attacks if they can't immediately patch.