Shim Bootloader Vulnerability Affects Linux Systems

Critical Shim bootloader vulnerability allows attackers to bypass security and control systems before OS loads.

Researchers have identified a critical vulnerability in Shim, a widely-used Linux bootloader. This vulnerability could potentially allow attackers to execute malicious code and gain control of target systems before the kernel is even loaded. This flaw raises significant concerns because it can bypass security mechanisms. These mechanisms are typically enforced by the kernel and the… Continue reading Shim Bootloader Vulnerability Affects Linux Systems

Sierra AirLink Vulnerabilities Expose Critical Infrastructure

Researchers discovered 21 vulnerabilities in ALEOS - firmware for Sierra AirLink routers

The grand total of 21 security flaws was discovered in Sierra Wireless AirLink routers firmware. The vulnerabilities allow for remote code injection, unauthenticated access, DoS attacks, and else. As such network devices are commonly used in industrial manufacturing and applications the like, the impact of such attacks may be rather serious. Sierra AirLink Routers Have… Continue reading Sierra AirLink Vulnerabilities Expose Critical Infrastructure

Cisco Won’t Fix an RCE Vulnerability in Old RV Routers

A 9.8/10 RCE Vulnerability in Old Cisco RV Routers Will Not Be Patched Cisco will not patch the zero-day CVE-2022-20825 vulnerability on end-of-life devices. The affected devices are Small Business RV routers (mobile routers for recreational vehicles and boats.) The specific vulnerable models are RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN… Continue reading Cisco Won’t Fix an RCE Vulnerability in Old RV Routers

A WSO2 Vulnerability is Fraught with Remote Code Execution

The products by WSO2, an open-source API, applications, and web services provider, have been attacked in the wild through the CVE-2022-29464 vulnerability detected back in April 2022. This vulnerability allows attackers to execute malicious code remotely via unhindered file uploading. The scheme of the attack begins with web shell installation through *.jsp or *.war files… Continue reading A WSO2 Vulnerability is Fraught with Remote Code Execution

Dark Souls 3 found an RCE vulnerability that allows taking control of someone else’s PC

Over the weekend, the developers of the Dark Souls series of games reported that the PC servers of Dark Souls: Remastered, Dark Souls 2, Dark Souls 3 and Dark Souls: PtDE are temporarily disabled due to a dangerous RCE vulnerability that allows remotely taking control of someone else’s machine. One of the first to report… Continue reading Dark Souls 3 found an RCE vulnerability that allows taking control of someone else’s PC