Security News

.NET Core remote code execution vulnerability in PowerShell 7 caused by how text encoding is performed in. PowerShell provides a command-line shell, a framework, and a scripting language focused on automation for processing PowerShell cmdlets.

A proof-of-concept exploit related to a remote code execution vulnerability affecting Windows Print Spooler and patched by Microsoft earlier this month was briefly published online before being taken down. The Windows maker addressed the vulnerability as part of its Patch Tuesday update on June 8, 2021.

The Secure Remote Access product of industrial cybersecurity firm Claroty is affected by a vulnerability that could be useful to threat actors targeting industrial organizations. Claroty SRA is a secure remote access solution specifically built for OT environments, including in terms of operational, administrative and security needs.

Western Digital on Tuesday confirmed that the recent attacks targeting some of its older network-attached storage devices involved the exploitation of a zero-day vulnerability. The attacks came to light last week, with many owners of My Book Live and My Book Live Duo devices reporting on the WD Community forum that a factory reset had been initiated on their devices, which resulted in all files being erased.

A security researcher has disclosed the details of a vulnerability that can be exploited to take over virtual machines on Google Cloud Platform. Rad decided to disclose the vulnerability due to Google's failure to fix the issue and provide information on its progress.

A cross-site scripting vulnerability patched last year in Cisco's Adaptive Security Appliance and Firepower Threat Defense software has reportedly been exploited in the wild. Reports of in-the-wild exploitation emerged shortly after cybersecurity firm Positive Technologies released a proof-of-concept exploit for the vulnerability tracked as CVE-2020-3580.

Hackers are scanning for and actively exploiting a vulnerability in Cisco ASA devices after a PoC exploit was published on Twitter. This Cisco ASA vulnerability is a cross-site scripting vulnerability tracked as CVE-2020-3580.

Many owners of My Book Live and My Book Live Duo network-attached storage devices made by Western Digital reported having their files wiped, and it seems that it's the result of an attack exploiting an old vulnerability. Victims said a factory reset had been initiated on their device, which resulted in all files being erased.

VMware this week announced the availability of patches for an authentication bypass vulnerability in VMware Carbon Black App Control running on Windows machines. Carbon Black App Control is designed to improve the security of servers and other critical systems by locking them down to prevent unauthorized tampering.

Linux marketplaces that are based on the Pling platform are impacted by a cross-site scripting vulnerability and potentially exposed to supply chain attacks, according to German cybersecurity consultancy Positive Security. Positive Security co-founder Fabian Bräunlein discovered that all Pling-based marketplaces are impacted by a wormable XSS that potentially opens the door for supply chain attacks.