Google: 2021 was a Banner Year for Exploited 0-Day Bugs
Last year, Google Project Zero tracked a record 58 exploited-in-the-wild zero-day security holes.
Google Project Zero reported 58 exploited zero-day vulnerabilities in 2021, a record in the short time...
Rethinking Cyber-Defense Strategies in the Public-Cloud Age
Exploring what’s next for public-cloud security, including top risks and how to implement better risk management.
The pandemic has fast-tracked migration to the public cloud, including Amazon Web Services, Google...
Microsoft Zero-Days, Wormable Bugs Spark Concern
For April Patch Tuesday, the computing giant addressed a zero-day under active attack and several critical security vulnerabilities, including three that allow self-propagating exploits.
Microsoft has released patches for 128...
SSRF Flaw in Fintech Platform Allowed for Compromise of Bank Accounts
Researchers discovered the vulnerability in an API already integrated into many bank systems, which could have defrauded millions of users by giving attackers access to their funds.
A server-side request...
Apple Rushes Out Patches for 0-Days in MacOS, iOS
The vulnerabilities could allow threat actors to disrupt or access kernel activity and may be under active exploit.
Apple rushed out patches for two zero-days affecting macOS and iOS Thursday,...
Automaker Cybersecurity Lagging Behind Tech Adoption, Experts Warn
A bug in Honda is indicative of the sprawling car-attack surface that could give cyberattackers easy access to victims, as global use of ‘smart car tech’ and EVs surges.
A...
Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments
The active attacks could result in critical-infrastructure damage, business disruption, lateral movement and more.
Cyberattackers are targeting uninterruptible power supply (UPS) devices, which provide battery backup power during power surges...
RCE Bug in Spring Cloud Could Be the Next Log4Shell, Researchers Warn
The so-called ‘Spring4Shell’ bug has cropped up, so to speak, and could be lurking in any number of Java applications.
NOTE: While the researchers at Sysdig refer to this Spring...
Critical Sophos Security Bug Allows RCE on Firewalls
The security vendor’s appliance suffers from an authentication-bypass issue.
Cybersecurity stalwart Sophos has plugged a critical vulnerability in its firewall product, which could allow remote code-execution.
The flaw, tracked as CVE-2022-1040,...
Google Chrome Zero-Day Bugs Exploited Weeks Ahead of Patch
Two separate campaigns from different threat actors targeted users with the same exploit kit for more than a month before the company fixed an RCE flaw found in February....
