F5 warns of critical BIG-IP RCE vulnerability

F5, Inc. warned users about a critical vulnerability that affects iControl REST. That solution is a framework offered by F5 Corporation as an advanced tool for software developers. The flaw is rated critical because it makes device takeover possible for unauthorised users. F5 warns its customers of a…

Hackers Use Fresh Vulnerability in Windows Print Spooler in Real Attacks

The US Infrastructure and Cybersecurity Agency (CISA) warned that a vulnerability in the Windows Print Spooler component, patched by Microsoft in February 2022, is being actively exploited by hackers. The issue in question is tracked as CVE-2022-22718 (CVSS score of 7.8) and, according to Microsoft, affects all versions of Windows. At the same time, the…

Chinese hackers use Zimbra 0-day vulnerability to hack European media and authorities

Security firm Volexity has warned that a previously unknown Chinese hack group is exploiting a 0-day vulnerability in Zimbra’s collaborative software. According to official statistics, more than 200,000 enterprises in 140 countries around the world use Zimbra, including more than 1,000 government and financial institutions. The researchers write that using the 0-day vulnerability, attackers gain…

Another vulnerability found in Log4j, this time it is a denial of service

Log4Shell, recently discovered in the popular logging library Log4j, which is part of the Apache Logging Project, continues to get worse, as another vulnerability has been found. This time it is a “denial of service” vulnerability. The problem was originally discovered while catching bugs on Minecraft servers, but the Log4j library is present in…

Vulnerabilities in STARTTLS threaten popular email clients

At the USENIX conference, a group of German scientists announced the discovery of more than 40 vulnerabilities in STARTTLS implementations in popular mail clients and servers, including Apple Mail, Gmail, Mozilla Thunderbird, Claws Mail, Mutt, Evolution, Exim, Mail.ru, Samsung Email, Yandex and KMail. Exploitation of these issues allows an attacker to steal credentials, intercept emails,…

Hackers exploit ProxyShell vulnerabilities to install backdoors

Experts warn that hackers are attacking Microsoft Exchange servers, exploiting ProxyShell vulnerabilities, and installing backdoors on them for subsequent access. Let me remind you that the vulnerabilities, which are collectively called ProxyShell, were recently discussed at the Black Hat conference. ProxyShell combines three vulnerabilities that allow remote code execution without authentication on Microsoft Exchange servers.…

Microsoft Warns of New Print Spooler Vulnerability

Microsoft has released a notice of a new vulnerability in Print Spooler (CVE-2021-36958) that allows local attackers to gain system privileges on a computer. The new vulnerability is related to other PrintNightmare bugs that exploit the configuration settings for Print Spooler, print drivers, and Windows Point and Print. Microsoft previously released patches for PrintNightmare in…

Microsoft releases patches for 44 vulnerabilities, including three 0-days

As part of Patch Tuesday this week, Microsoft released patches for 44 vulnerabilities (51 including bugs in Microsoft Edge), seven of which were classified as critical, three were 0-day, and one was already under attack. Patches released this month: .NET Core and Visual Studio, ASP.NET Core and Visual Studio, Azure, Windows Update, Windows Print Spooler…

Vulnerabilities in Amazon Kindle Allowed Taking Full Control of the Device

Check Point researchers reported that in April of this year, IT giant Amazon eliminated critical vulnerabilities in the Amazon Kindle. The problems could be used to gain full control over the device, allowing attackers to steal the Amazon device token and other confidential data stored on it. For a successful attack on a Kindle, just…

Experts published a list of the most attacked vulnerabilities in 2020-2021

Experts from the FBI, the US Department of Homeland Security (DHS CISA), the Australian Cybersecurity Center (ACSC), and the UK National Cybersecurity Center (NCSC) have published joint security advisories that list the most attacked and most popular vulnerabilities among criminals in 2020 and 2021. Based on data collected by the US government, most of the…