IBM Cloud Supply Chain Vulnerability Showcases New Threat Class
A vulnerability in IBM Cloud databases for PostgreSQL could have allowed attackers to launch a supply chain attack on cloud customers by breaching internal IBM Cloud services and disrupting...
Google TAG Warns on Emerging Heliconia Exploit Framework for RCE
Google's Threat Analysis Group (TAG) has discovered a cyberattack framework dubbed Heliconia, built to exploit zero-day and n-day vulnerabilities in Chrome, Firefox, and Microsoft Defender. It likely has connections...
CyberRatings.org Revives NSS Labs Research
AUSTIN, Texas, Nov. 29, 2022 /PRNewswire/ — CyberRatings.org, the nonprofit entity dedicated to providing transparency on cybersecurity product efficacy, has launched The NSS Labs archive, a library of over 800 test reports,...
Critical Quarkus Flaw Threatens Cloud Developers With Easy RCE
A critical remote code-execution (RCE) bug in an open source Java virtual machine (JVM) framework threatens enterprise environments by giving attackers an easy way to compromise development teams —...
New Exploit Broker on the Scene Pays Premium for Signal App Zero-Days
Gray-market exploit brokers are alive and kicking, with the latest sign of this flourishing market coming in the form of a bidding war for Signal messaging app zero-days from...
Cyberattackers Selling Access to Networks Compromised via Recent Fortinet Flaw
Fortinet customers that have not yet patched a critical authentication bypass vulnerability that the vendor disclosed in October in multiple versions of its FortiOS, FortiProxy, and FortiSwitch Manager technologies...
Acer Firmware Flaw Lets Attackers Bypass Key Security Feature
Acer is working to fix a firmware flaw affecting five of its laptop models. An exploit could allow attackers to disable a machine's Secure Boot settings to bypass key security...
Killnet Gloats About DDoS Attacks Downing Starlink, White House
Killnet and its band of hacker collaborators are claiming they were able to pull off a trio of symbolic distributed denial-of-service (DDoS) attacks aimed at punishing some of the most...
The Metaverse Could Become a Top Avenue for Cyberattacks in 2023
A combination of maturing and emerging consumer-facing cyber threats could add to the many challenges that enterprise security teams will need to contend with in 2023. Researchers at Kaspersky, looking...
Oracle Fusion Middleware Flaw Flagged by CISA
A critical bug in Oracle's Fusion Middleware Access Manager has landed on the Cybersecurity and Infrastructure Security Agency's list of known exploited vulnerabilities. The critical flaw, tracked under CVE-2021-35587, could...