Security News
CVE-2021-1675, a Windows Print Spooler vulnerability that Microsoft patched in June 2021, presents a much greater danger than initially thought: researchers have proved that it can be exploited to achieve remote code execution and - what's worse - PoC exploits have since been leaked. The Windows Print Spooler is an application / interface / service that interacts with local or networked printers and manages the printing process.
A security vulnerability in Cisco Adaptive Security Appliance that was addressed by the company last October, and again earlier this April, has been subjected to active in-the-wild attacks following the release of proof-of-concept exploit code. The PoC was published by researchers from cybersecurity firm Positive Technologies on June 24, following which reports emerged that attackers are chasing after an exploit for the bug.
Attackers and bug hunters are leveraging an exploit for CVE-2020-3580 to compromise vulnerable security devices running Cisco ASA or FTD software. Active attacks apparently started after Positive Technologies researchers shared proof-of-concept exploit code last Thursday via Twitter.
Researchers at Positive Technologies published the PoC for the bug on Thursday. Real-World Attacks for Cisco ASA. The Cisco ASA is a cybersecurity perimeter-defense appliance that combines firewall, antivirus, intrusion prevention and virtual private network capabilities, all meant to stop threats from making it onto corporate networks.
Soon after uploading the exploit, Jang received an email from Microsoft-owned GitHub stating that PoC exploit was removed as it violated the Acceptable Use Policies. GitHub faced immediate backlash from security researchers who felt that GitHub was policing the disclosure of legitimate security research simply because it was affecting a Microsoft product.
Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution vulnerability impacting all vCenter deployments and patched by VMware ten days ago. Attackers have previously mass scanned for unpatched vCenter servers after security researchers published PoC exploit code for another critical RCE security flaw also affecting all default vCenter installs.
Trend Micro on Thursday disclosed the details of a recently patched privilege escalation vulnerability that has been found to impact macOS, iOS and iPadOS. The flaw, tracked as CVE-2021-30724, was discovered by Trend Micro researcher Mickey Jin, and it was patched by Apple on May 24 with the release of macOS 11.4, iOS 14.6 and iPadOS 14.6. The vulnerability, caused by an out-of-bounds memory access issue, can allow a local attacker to elevate privileges by sending specially crafted requests.
A researcher has released a proof-of-concept exploit for CVE-2021-31166, a use-after-free, highly critical vulnerability in the HTTP protocol stack that could lead to wormable remote code execution. An exploit would allow RCE with kernel privileges or a denial-of-service attack.
A researcher has released a proof-of-concept exploit for a recently patched Windows vulnerability that could allow remote code execution and which has been described by Microsoft as wormable. The vulnerability affects the HTTP Protocol Stack and exploitation does not require authentication or user interaction.
Apple fixes four zero-days under attackA week after Apple patched a macOS zero-day exploited by Shlayer malware for months for months, the company has released new security updates for macOS, iOS, iPadOS and watch OS that plug four additional zero-days that "May have been actively exploited". Users increasingly putting password security best practices into playWhile there is awareness of password security best practices, there is still work to be done to put that awareness to full use, a Bitwarden survey reveals.