Microsoft Faces Wormable, Critical RCE Bug & 6 Zero-Days
The large January 2022 Patch Tuesday update covers nine critical CVEs, including a self-propagator with a 9.8 CVSS score.
Microsoft has addressed a total of 97 security vulnerabilities in...
Here’s REALLY How to Do Zero-Trust Security
It’s not about buying security products! Joseph Carson, chief security scientist from ThycoticCentrify, offers practical steps to start the zero-trust journey.
Zero-trust is without a doubt the new buzzword of...
MacOS Bug Could Let Creeps Snoop On You
The flaw could allow attackers to bypass Privacy preferences, giving apps with no right to access files, microphones or cameras the ability to record you or grab...
Critical SonicWall NAC Vulnerability Stems from Apache Mods
Researchers offer more detail on the bug, which can allow attackers to completely take over targets.
Rapid7 has offered up more details on a SonicWall critical flaw that allows for...
WordPress Bugs Exploded in 2021, Most Exploitable
Record-number WordPress plugin vulnerabilities are wicked exploitable even with low CVSS scores, leaving security teams blind to their risk.
Last year brought forth much more than a Ben Affleck-Jennifer...
URL Parsing Bugs Allow DoS, RCE, Spoofing & More
Dangerous security bugs stemming from widespread inconsistencies among 16 popular third-party URL-parsing libraries could affect a wide swath of web applications.
Eight different security vulnerabilities arising from inconsistencies among 16...
Cyberattackers Hit Data of 80K Fertility Patients
Fertility Centers of Illinois’ security measures protected electronic medical records, but the attackers still got at extremely intimate data in admin files.
The protected health information of nearly 80,000 patients...
Log4J-Related RCE Flaw in H2 Database Earns Critical Rating
Critical flaw in the H2 open-source Java SQL database are similar to the Log4J vulnerability, but do not pose a widespread threat.
Researchers discovered a bug related to the Log4J...
Attackers Exploit Flaw in Google Docs’ Comments Feature
A wave of phishing attacks identified in December targeting mainly Outlook users are difficult for both email scanners and victims to flag, researchers said.
Attackers are using the “Comments” feature...
Partially Unpatched VMware Bug Opens Door to Hypervisor Takeover
ESXi version 7 users are still waiting for a full fix for a high-severity heap-overflow security vulnerability, but Cloud Foundation, Fusion and Workstation users can go ahead and patch....