Azure Zero-Day Flaws Highlight Lurking Supply-Chain Risk
Dubbed OMIGOD, a series of vulnerabilities in the Open Management Infrastructure used in Azure on Linux demonstrates hidden security threats, researchers said.
Four Microsoft zero-day vulnerabilities in the Azure cloud...
Ninja Forms WordPress Plugin Bug Opens Websites to Hacks
The popular plugin is installed on more than 1 million websites, and has four flaws that allow various kinds of serious attacks, including site takeover and email hijacking.
Open Redirect Flaw Snags Amex, Snapchat User Data
Separate phishing campaigns targeting thousands of victims impersonate FedEx and Microsoft, among others, to trick victims.
Attackers are exploiting a well-known open redirect flaw to phish people’s credentials and personally...
APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools
Researchers from CrowdStrike disrupted an attempt by the threat group to steal industrial intelligence and military secrets from an academic institution.
Cyber criminals, under the moniker Aquatic Panda, are the...
Fuzz Off: How to Shake Up Code to Get It Right – Podcast
Is fuzzing for the cybersec elite, or should it be accessible to all software developers? FuzzCon panelists say join the party as they share fuzzing wins & fails.
LAS...
October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug
There were 11 critical bugs and six that were unpatched but publicly known in this month’s regularly scheduled Microsoft updates.
Microsoft has pushed out fixes for 87 security vulnerabilities in...
Cisco Zero-Day in AnyConnect Secure Mobility Client Remains Unpatched
Cisco also disclosed high-severity vulnerabilities in its Webex and SD-WAN products.
Cisco has disclosed a zero-day vulnerability – for which there is not yet a patch – in the Windows,...
Windows Hello Bypass Fools Biometrics Safeguards in PCs
A Windows security bug would allow an attacker to fool a USB camera used in the biometric facial-recognition aspect of the system.
A vulnerability in Microsoft’s Windows 10 password-free authentication...
Massive Zero-Day Hole Found in Palo Alto Security Appliances
Researchers have a working exploit for the vulnerability (now patched), which allows for unauthenticated RCE and affects an estimated 70,000+ VPN/firewalls.
Researchers have developed a working exploit to gain...
SAP Stomps Out Critical RCE Flaw in Manufacturing Software
The remote code execution flaw could allow attackers to deploy malware, modify network configurations and view databases.
Enterprise software giant SAP pushed out fixes for a critical-severity vulnerability in...