Security News

Zyxel Releases Patch for Critical Firewall OS Command Injection Vulnerability
2022-05-13 01:16

Zyxel has moved to address a critical security vulnerability affecting Zyxel firewall devices that enables unauthenticated and remote attackers to gain arbitrary code execution. "A command injection vulnerability in the CGI program of some firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device," the company said in an advisory published Thursday.

CISA Urges Organizations to Patch Actively Exploited F5 BIG-IP Vulnerability
2022-05-12 06:47

The U.S. Cybersecurity and Infrastructure Security Agency has added the recently disclosed F5 BIG-IP flaw to its Known Exploited Vulnerabilities Catalog following reports of active abuse in the wild. "An attacker can use this vulnerability to do just about anything they want to on the vulnerable server," Horizon3.

Microsoft Releases Fix for New Zero-Day with May 2022 Patch Tuesday Updates
2022-05-11 09:06

Microsoft on Tuesday rolled out fixes for as many as 74 security vulnerabilities, including one for a zero-day bug that's being actively exploited in the wild. The updates are in addition to 36 flaws patched in the Chromium-based Microsoft Edge browser on April 28, 2022.

Microsoft May 2022 Patch Tuesday fixes 3 zero-days, 75 flaws
2022-05-10 17:37

Today is Microsoft's May 2022 Patch Tuesday, and with it comes fixes for three zero-day vulnerabilities, with one actively exploited, and a total of 75 flaws. Of the 75 vulnerabilities fixed in today's update, eight are classified as 'Critical' as they allow remote code execution or elevation of privileges.

Google Releases Android Update to Patch Actively Exploited Vulnerability
2022-05-08 19:52

Google has released monthly security patches for Android with fixes for 37 flaws across different components, one of which is a fix for an actively exploited Linux kernel vulnerability that came to light earlier this year. Tracked as CVE-2021-22600, the vulnerability is ranked "High" for severity and could be exploited by a local user to escalate privileges or deny service.

Exploits created for critical F5 BIG-IP flaw, install patch immediately
2022-05-08 16:35

Security researchers are warning F5 BIG-IP admins to immediately install the latest security updates after creating exploits for a recently disclosed critical CVE-2022-1388 remote code execution vulnerability. Last week, F5 disclosed a new critical remote code execution in BIG-IP networking devices tracked as CVE-2022-1388.

Week in review: F5 BIG-IP flaw, critical bugs in Aruba and Avaya network switches, Patch Tuesday forecast
2022-05-08 08:00

TLStorm 2.0: Critical bugs in widely-used Aruba, Avaya network switchesArmis researchers have discovered five critical vulnerabilities in the implementation of TLS communications in multiple models of network switches. Critical F5 BIG-IP flaw allows device takeover, patch ASAP!F5 Networks' BIG-IP multi-purpose networking devices/modules are vulnerable to unauthenticated remote code execution attacks via CVE-2022-1388.

May 2022 Patch Tuesday forecast: Look beyond just application and OS updates
2022-05-06 04:06

April Patch Tuesday provided an extensive set of operating system and application updates after a few quiet months. The IE 11 desktop application will continue to get security updates in Windows 8.1, Windows 7, and Windows Server LTSC until they reach their respective EOL dates.

Critical F5 BIG-IP flaw allows device takeover, patch ASAP! (CVE-2022-1388)
2022-05-05 10:57

F5 Networks' BIG-IP multi-purpose networking devices/modules are vulnerable to unauthenticated remote code execution attacks via CVE-2022-1388."This vulnerability may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands, create or delete files, or disable services," F5 warned yesterday.

QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities
2022-04-22 01:15

Network-attached storage appliance maker QNAP on Thursday said it's investigating its lineup for potential impact arising from two security vulnerabilities that were addressed in the Apache HTTP server last month. The critical flaws, tracked as CVE-2022-22721 and CVE-2022-23943, are rated 9.8 for severity on the CVSS scoring system and impact Apache HTTP Server versions 2.4.52 and earlier -.