Kubernetes Cloud Clusters Face Cyberattacks via Argo Workflows
Misconfigured permissions for Argo’s web-facing dashboard allow unauthenticated attackers to run code on Kubernetes targets, including cryptomining containers.
Kubernetes clusters are being attacked via misconfigured Argo Workflows instances, security researchers...
16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines
The bug could allow cyberattackers to bypass security products, tamper with data and run code in kernel mode.
Researchers have released technical details on a high-severity privilege-escalation flaw in HP...
Top CVEs Trending with Cybercriminals
An analysis of criminal forums reveal what publicly known vulnerabilities attackers are most interested in.
Criminal small talk in underground forums offer critical clues about which known Common Vulnerabilities...
Critical Juniper Bug Allows DoS, RCE Against Carrier Networks
Telecom providers, including wireless carriers, are at risk of disruption of network service if the bug in SBR Carrier is exploited.
A critical remote code-execution vulnerability in Juniper Networks’ Steel-Belted...
Safari Zero-Day Used in Malicious LinkedIn Campaign
Researchers shed light on how attackers exploited Apple web browser vulnerabilities to target government officials in Western Europe.
Threat actors used a Safari zero-day flaw to send malicious links...
Windows Hello Bypass Fools Biometrics Safeguards in PCs
A Windows security bug would allow an attacker to fool a USB camera used in the biometric facial-recognition aspect of the system.
A vulnerability in Microsoft’s Windows 10 password-free authentication...
Apps Built Better: Why DevSecOps is Your Security Team’s Silver Bullet
Phil Richards, vice president and CSO at Ivanti, explains how organizations can design DevOps processes and systems to thwart cyberattacks.
Security should never be an afterthought when developing software and...
Adobe Patches 11 Critical Bugs in Popular Acrobat PDF Reader
Adobe July patch roundup includes fixes for its ubiquitous and free PDF reader Acrobat 2020 and other software such as Illustrator and Bridge.
Eleven critical bugs in Adobe’s...
Unpatched Critical RCE Bug Allows Industrial, Utility Takeovers
The ‘ModiPwn’ bug lays open production lines, sensors, conveyor belts, elevators, HVACs and more that use Schneider Electric PLCs.
A critical remote code-execution (RCE) vulnerability in Schneider Electric programmable logic...
Kaseya Patches Zero-Days Used in REvil Attacks
The security update addresses three VSA vulnerabilities used by the ransomware gang to launch a worldwide supply-chain attack on MSPs and their customers.
Kaseya made good on its promise to...
