Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw
The unredacted RCE exploit allows unauthenticated, remote attackers to upload files to the vCenter Server analytics service.
A fully working exploit for the critical CVE-2021-22005 remote code-execution (RCE) vulnerability in...
5 Steps to Securing Your Network Perimeter
Ekaterina Kilyusheva, head of the Information Security Analytics Research Group at Positive Technologies, offers a blueprint for locking up the fortress.
When it comes to security, some of tomorrow’s biggest...
Critical Cisco Bugs Allow Code Execution on Wireless, SD-WAN
Unauthenticated cyberattackers can also wreak havoc on networking device configurations.
Cisco is warning three critical security vulnerabilities affect its flagship IOS XE software, the operating system for most of its...
Exchange/Outlook Autodiscover Bug Spills 100K+ Email Passwords
Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text.
Guardicore security researcher Amit Serper has...
100M IoT Devices Exposed By Zero-Day Bug
A high-severity vulnerability could cause system crashes, knocking out sensors, medical equipment and more.
A flaw in a widely used internet-of-things (IoT) infrastructure code left more than 100 million...
Unpatched Apple Zero-Day in macOS Finder Allows Code Execution
All a user needs to do is click on an email attachment, and boom – the code is silently executed without the victim knowing. It affects Big Sur and...
Netgear SOHO Security Bug Allows RCE, Corporate Attacks
The issue lies in a parental-control function that’s always enabled by default, even if users don’t configure for child security.
A high-severity security bug affecting several Netgear small office/home office...
Payment API Bungling Exposes Millions of Users’ Payment Data
Misconfigured APIs make any app risky, but when you’re talking about financial apps, you’re talking about handing ne’er-do-wells the power to turn your pockets inside-out.
App developers have once again...
Porn Problem: Adult Ads Persist on US Gov’t, Military Sites
Cities, states, federal and military agencies should patch the Laserfiche CMS post-haste, said the security researcher whose jaw dropped at 50 sites hosting porn and Viagra spam.
U.S. military...
Azure Zero-Day Flaws Highlight Lurking Supply-Chain Risk
Dubbed OMIGOD, a series of vulnerabilities in the Open Management Infrastructure used in Azure on Linux demonstrate hidden security threats, researchers said.
Four Microsoft zero-day vulnerabilities in the Azure cloud...