Security News
Five critical remote code execution vulnerabilities in millions of Aruba and Avaya devices can be exploited by cybercriminals to take full control of network switches commonly used in airports, hospitals, and hotels, according to Armis researchers. The flaws affect about 10 million devices across HPE's Aruba and Extreme Networks' Avaya switching portfolio, and have severity scores ranging from 9.0 to 9.8 out of 10.
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines: Microsoft has unearthed two security vulnerabilities in the networkd-dispatcher daemon that may be exploited by attackers to gain root on many Linux endpoints, allowing them to deploy backdoors, malware, ransomware, or perform other malicious actions.
The 15 most exploited vulnerabilities in 2021: In 2021, threat actors aggressively exploited newly disclosed critical software vulnerabilities to hit a broad set of targets worldwide, says the latest advisory published by the US Cybersecurity and Infrastructure Security Agency.
Users of Synology and QNAP network-attached storage devices are advised to be on the lookout for patches for several critical vulnerabilities affecting Netatalk, an open-source implementation of the Apple Filing Protocol that allows Unix-like operating systems to serve as file servers for Macs. Network-attached storage devices are usually used by small-to-medium businesses and home users for storing and sharing files and backups.
In 2021, threat actors aggressively exploited newly disclosed critical software vulnerabilities to hit a broad set of targets worldwide, says the latest advisory published by the US Cybersecurity and Infrastructure Security Agency. As you might have noticed due to the last few entries, attackers haven't stopped exploiting older publicly known software flaws.
Log4Shell, ProxyShell, ProxyLogon, ZeroLogon, and flaws in Zoho ManageEngine AD SelfService Plus, Atlassian Confluence, and VMware vSphere Client emerged as some of the top exploited security vulnerabilities in 2021. That's according to a "Top Routinely Exploited Vulnerabilities" report released by cybersecurity authorities from the Five Eyes nations Australia, Canada, New Zealand, the U.K., and the U.S. Other frequently weaponized flaws included a remote code execution bug in Microsoft Exchange Server, an arbitrary file read vulnerability in Pulse Secure Pulse Connect Secure, and a path traversal defect in Fortinet FortiOS and FortiProxy.
2021 included the detection and disclosure of 58 in-the-wild 0-days, the most ever recorded since Project Zero began tracking in mid-2014. While we often talk about the number of 0-day exploits used in-the-wild, what we're actually discussing is the number of 0-day exploits detected and disclosed as in-the-wild.
In partnership with the NSA and the FBI, cybersecurity authorities worldwide have released today a list of the top 15 vulnerabilities routinely exploited by threat actors during 2021. "U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities assess, in 2021, malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities against broad target sets, including public and private sector organizations worldwide," the advisory reads.
The U.S. Cybersecurity and Infrastructure Security Agency has added seven vulnerabilities to its list of actively exploited security issues, including those from Microsoft, Linux, and Jenkins. The 'Known Exploited Vulnerabilities Catalog' is a list of vulnerabilities known to be actively exploited in cyberattacks and required to be patched by Federal Civilian Executive Branch agencies.
Network-attached storage appliance maker QNAP on Thursday said it's investigating its lineup for potential impact arising from two security vulnerabilities that were addressed in the Apache HTTP server last month. The critical flaws, tracked as CVE-2022-22721 and CVE-2022-23943, are rated 9.8 for severity on the CVSS scoring system and impact Apache HTTP Server versions 2.4.52 and earlier.
In this video for Help Net Security, Yotam Perkal, VP of Research at Rezilion, talks about the most critical vulnerabilities published during Q1 2022, and the relevant remediation and mitigation steps you need to take. The first quarter of 2022 was packed with new vulnerabilities, and some are still impacting organizations worldwide.