Security News

ESET uncovers vulnerabilities in Lenovo laptops
2022-04-19 15:00

Got a Lenovo laptop? You might need to do a swift bit of patching, judging by the latest set of vulnerabilities uncovered by security researchers at ESET. Three vulnerabilities were reported today: CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972. "UEFI threats can be extremely stealthy and dangerous," said ESET researcher Martin Smolár, who discovered the vulnerabilities.

81% of codebases contain known open source vulnerabilities
2022-04-19 02:00

From an operational risk/maintenance perspective, 85% of the 2,097 codebases contained open source that was more than four years out-of-date. Assessed codebases show open source vulnerabilities are decreasing overall.

CISA adds 8 known security vulnerabilities as priorities to patch
2022-04-13 13:32

The Cybersecurity & Infrastructure Security Agency, or CISA, maintains a database of known security vulnerabilities.

Microsoft Issues Patches for 2 Windows Zero-Days and 126 Other Vulnerabilities
2022-04-12 20:22

The updates are in addition to 26 other flaws resolved by Microsoft in its Chromium-based Edge browser since the start of the month. The actively exploited flaw relates to an elevation of privilege vulnerability in the Windows Common Log File System.

Steady rise in severe web vulnerabilities
2022-04-08 03:30

Invicti Security released research that reveals a rise in severe web vulnerabilities and the need for executive leaders to intertwine their application security and digital transformation efforts to reduce risk. The report examines web vulnerabilities from over 939 customers worldwide and was derived from the largest data set yet, with more than 23 billion security checks executed on customer applications uncovering over 282,000 direct-impact vulnerabilities.

VMware Releases Critical Patches for New Vulnerabilities Affecting Multiple Products
2022-04-06 22:49

VMware has released security updates to patch eight vulnerabilities spanning its products, some of which could be exploited to launch remote code execution attacks. Credited with reporting all the vulnerabilities is Steven Seeley of Qihoo 360 Vulnerability Research Institute.

VMware warns of critical vulnerabilities in multiple products
2022-04-06 18:01

VMware has warned customers to immediately patch critical vulnerabilities in multiple products that threat actors could use to launch remote code execution attacks. "This critical vulnerability should be patched or mitigated immediately per the instructions in VMSA-2021-0011. The ramifications of this vulnerability are serious," VMware warned on Wednesday.

CISA adds Spring4Shell to list of exploited vulnerabilities
2022-04-05 11:07

It's been almost a week since the Spring4Shell vulnerability came to light and since the Spring development team fixed it in new versions of the Spring Framework. We might not have all the facts: The US Cybersecurity and Infrastructure Agency has added Spring4Shell to their Known Exploited Vulnerabilities Catalog on Monday.

Vulnerabilities and cyberattacks that marked the year 2021
2022-04-04 04:00

Rapid7 announced the release of a report examining the 50 most notable security vulnerabilities and high-impact cyberattacks in 2021. Researchers analyze thousands of vulnerabilities each year to understand root causes, dispel misconceptions, and share information on why certain flaws are more likely to be exploited than others.

CISA adds 66 vulnerabilities to list of bugs exploited in attacks
2022-03-26 17:22

The Cybersecurity and Infrastructure Security Agency has added a massive set of 66 actively exploited vulnerabilities to its catalog of 'Known Exploited Vulnerabilities.' The new set of 66 actively exploited vulnerabilities published by CISA spans disclosure dates between 2005 and 2022, covering a broad spectrum of software and hardware types and versions.