Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)
By Nicolas Bidron, and Nicolas Guigo.
U-boot is a popular boot loader for embedded systems with implementations for a large number of architectures and prominent in most Linux based embedded...
The Ultimate SaaS Security Posture Management (SSPM) Checklist
As one might expect, not all SSPM solutions are created equal. Monitoring, alerts, and remediation should sit at the heart of your SSPM solution. They ensure that any vulnerabilities...
Scammers Target NFT Discord Channel
Hackers escalate phishing and scamming attacks to exploit popular Discord bot and persuade users to click on the malicious links.
Discord a public chat application designed for gamers has grown...
The Challenge Digital Executive Protection Poses to Enterprise Security Teams
CISOs do heroic work protecting their executives when inside the organization’s four walls. But risks originating in personal digital lives present a challenge that enterprise security teams cannot solve,...
Microsoft Releases Workaround for ‘One-Click’ 0Day Under Active Attack
Threat actors already are exploiting vulnerability, dubbed ‘Follina’ and originally identified back in April, to target organizations in Russia and Tibet, researchers said.
Microsoft has released a workaround for a...
ChromeLoader Browser Hijacker Provides Gateway to Bigger Threats
The malvertiser’s use of PowerShell could push it beyond its basic capabilities to spread ransomware, spyware or steal data from browser sessions, researchers warn.
ChromeLoader may seem on the surface...
Critical Flaws in Popular ICS Platform Can Trigger RCE
Cisco Talos discovered eight vulnerabilities in the Open Automation Software, two of them critical, that pose risk for critical infrastructure networks.
Critical flaws in a popular platform used by industrial...
Zoom Patches ‘Zero-Click’ RCE Bug
The Google Project Zero researcher found a bug in XML parsing on the Zoom client and server.
Zoom patched a medium-severity flaw, advising Windows, macOS, iOS and Android users to...
Technical Advisory – SerComm h500s – Authenticated Remote Command Execution (CVE-2021-44080)
Current Vendor: SerComm
Vendor URL: https://www.sercomm.com
Systems Affected: SerComm h500s
Versions affected: lowi-h500s-v3.4.22
Authors: Diego Gómez Marañón & @rsrdesarrollo
CVE Identifier: CVE-2021-44080
Risk: 6.6(Medium)- AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
The h500s is a router device manufactured by SerComm and packaged...
Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover
Privilege escalation flaw discovered in the Jupiter and JupiterX Core Plugin affects more than 90,000 sites.
A critical privilege escalation flaw found in two themes used by more than 90,000...