‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise
A chain of exploits could allow a malicious Azure user to infiltrate other customers’ cloud instances within Microsoft’s container-as-a-service offering.
A critical security vulnerability allowing attackers to perform cross-account container...
Microsoft, CISA Urge Mitigations for Zero-Day RCE Flaw in Windows
Attackers are actively attempting to exploit a vulnerability in MSHTML that allows them to craft a malicious ActiveX control to be used by Microsoft Office files.
Both Microsoft and federal...
Spoofing Bug Highlights Cybersecurity for Digital Vaccine Passports
Australian immunization app bug lets attackers fake vaccine status.
Three weeks after an independent researcher found a critical bug in the Services Australia COVID-19 digital vaccine certificate that would allow...
Netgear Smart Switches Open to Complete Takeover
The Demon’s Cries, Draconian Fear and Seventh Inferno security bugs are high-severity entryways to corporate networks.
Three severe Netgear vulnerabilities, codenamed Demon’s Cries, Draconian Fear and Seventh Inferno by the...
Jenkins Hit as Atlassian Confluence Cyberattacks Widen
Patch now: The popular biz-collaboration platform is seeing mass scanning and exploitation just two weeks after a critical RCE bug was disclosed.
A just-patched, critical remote code-execution (RCE) vulnerability in...
Google Play Sign-Ins Allow Covert Location-Tracking
A design flaw involving Google Timeline could allow someone to track another device without installing a stalkerware app.
It’s possible to track someone’s user location via Google Play sign-ins, a...
Bluetooth Bugs Open Billions of Devices to DoS, Code Execution
The BrakTooth set of security vulnerabilities impacts at least 11 vendors’ chipsets.
Researchers have disclosed a group of 16 different vulnerabilities collectively dubbed BrakTooth, which impact billions of devices that...
Technical Advisory – New York State Excelsior Pass Vaccine Passport Credential Forgery
Vendor: New York State
Vendor URL: https://play.google.com/store/apps/details?id=gov.ny.its.healthpassport.wallet
Versions affected: 1.2.0
Systems Affected: Android Google Play Store
Author: Siddarth Adukia sid.adukia@nccgroup.com
Summary
New York State developed an application called NYS Excelsior Pass Wallet that allows users...
Technical Advisory – New York State Excelsior Pass Vaccine Passport Scanner App Sends Data...
Vendor: New York State
Vendor URL: https://covid19vaccine.health.ny.gov/excelsior-pass
Versions affected: iOS 1.4.1, Android 1.4.1
Systems Affected: iOS, Android
Author: Dan Hastings dan.hastings@nccgroup.trust
Advisory URL / CVE Identifier:
Risk: Information Leakage
Summary
The New York State (NYS) Excelsior scanner...
Gutenberg Template Library & Redux Framework Bugs Plague WordPress Sites
Two vulnerabilities in the site-building plugin could be useful tools in the hands of a skilled attacker, researchers warned.
Two vulnerabilities have been found in the Gutenberg Template Library &...