Researchers uncovered a new flaw, dubbed ÆPIC, in Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors.... weiterlesen

Zoom addressed two high-severity vulnerabilities in its macOS app that were disclosed at the DEF CON conference. Zoom last week released macOS updates... weiterlesen

Exploit code has been released for a critical vulnerability affecting networking devices with Realtek's RTL819x system on a chip (SoC), which are estimated... weiterlesen

... weiterlesen

... weiterlesen

As reported by The Verge, Zoom has issued a patch for a bug on macOS that could allow a hacker to take control of a user’s operating system (via MacRumors).... weiterlesen

Bootloaders present in a majority of computers made in the past 10 years are affected by Secure Boot bypass vulnerabilities, according to firmware security... weiterlesen

Flaws in Xiaomi Redmi Note 9T and Redmi Note 11 models could be exploited to disable the mobile payment mechanism and even forge transactions. Check... weiterlesen

A severe authentication bypass vulnerability existed in the Zimbra Collaboration Suite (ZCS), risking email security.… Researchers Discover Zimbra Authentication... weiterlesen

Researchers discovered a flaw in three signed third-party UEFI boot loaders that allow bypass of the UEFI Secure Boot feature. Researchers from hardware... weiterlesen

Palo Alto Networks has issued a security advisory warning of an actively exploited high-severity vulnerability impacting PAN-OS, the operating system... weiterlesen

The Department of Homeland Security (DHS) is urging states and localities to beef up security around proprietary devices that connect to the Emergency... weiterlesen

Threat actors are exploiting an authentication bypass Zimbra flaw, tracked as CVE-2022-27925, to hack Zimbra Collaboration Suite email servers worldwide.... weiterlesen

Threat actors are exploiting an authentication bypass Zimbra flaw, tracked as CVE-2022-27925, to hack Zimbra Collaboration Suite email servers worldwide.... weiterlesen

More than 1 million instances of firewalls running Cisco Adaptive Security Appliance (ASA) software have four vulnerabilities that undermine its security,... weiterlesen

... weiterlesen

This week Microsoft finally released a patch for a zero-day security flaw being exploited by hackers, that the company had claimed since 2019 was not actually... weiterlesen

Cybersecurity researchers have disclosed multiple severe security vulnerabilities asset management platform Device42 that, if successfully exploited,... weiterlesen

... weiterlesen

Cisco addressed a high severity flaw, tracked as CVE-2022-20866, affecting Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software.... weiterlesen

Microsoft fixes 121 vulnerabilities, including 17 ‘critical’ and the rest ‘important.’ Compared to last month’s patch Tuesday, critical vulnerabilities... weiterlesen

70% of Large enterprises that previously addressed the Log4j flaw are still struggling to patch Log4j-vulnerable assets. INTRODUCTION In December 2021... weiterlesen

... weiterlesen

Last month, a small cybersecurity firm told a major Indian online insurance brokerage it had found critical vulnerabilities in the company’s internet-facing... weiterlesen

... weiterlesen

US Critical Infrastructure Security Agency (CISA) adds vulnerabilities in the UnRAR utility to its Known Exploited Vulnerabilities Catalog. The Cybersecurity... weiterlesen

... weiterlesen

... weiterlesen

As many as 121 new security flaws were patched by Microsoft as part of its Patch Tuesday updates for the month of August, which also includes a fix for... weiterlesen

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two more flaws to its catalog of Known Exploited Vulnerabilities, based on evidence... weiterlesen

The race to mitigate a gaping authentication bypass vulnerability in VMware Workspace ONE Access, Identity Manager and vRealize Automation products just... weiterlesen

Today is Microsoft's August 2022 Patch Tuesday, and with it comes fixes for the actively exploited 'DogWalk' zero-day vulnerability and a total of 121 flaws.... weiterlesen

Software maker Adobe has released patches for at least 25 documented security vulnerabilities that expose Windows and macOS users to malicious hacker attacks. The... weiterlesen

Open redirect vulnerabilities affecting American Express and Snapchat websites were exploited earlier this year as part of phishing campaigns targeting... weiterlesen

Zimbra CVE-2022-27824 has been added to the CISA’s “Known Exploited Vulnerabilities” catalog as a new vulnerability. Hackers are actively exploiting... weiterlesen

An anonymous reader quotes a report from Ars Technica: The US Department of Homeland Security is warning of vulnerabilities in the nation's emergency broadcast... weiterlesen

DEF CON may be about to blow lid off security hole The US government is warning of critical vulnerabilities in its Emergency Alert System (EAS) systems... weiterlesen

The Cybersecurity and Infrastructure Security Agency (CISA) has added the Zimbra CVE-2022-27824 flaw to its 'Known Exploited Vulnerabilities Catalog,'... weiterlesen

Workplace productivity software giant Slack on Friday forced password resets for a tiny fraction of its users after the discovery of a security flaw that... weiterlesen

The US Federal Emergency Management Agency (FEMA) has issued an advisory urging organizations to ensure that their emergency alert systems are patched,... weiterlesen

The U.S. DHS warns of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. The Department of Homeland Security (DHS)... weiterlesen

... weiterlesen

The U.S. Department of Homeland Security (DHS) has warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. If... weiterlesen

At least Switchzilla thinks they're salvageable, unlike the boxes it ordered binned back in June Cisco has revealed four of its small business router ranges... weiterlesen

The Department of Homeland Security (DHS) warned that attackers could exploit critical security vulnerabilities in unpatched Emergency Alert System (EAS)... weiterlesen

The opensource shared file server for UNIX-like systems could put thousands of installations at risk due to a critical vulnerability allowing anyone to... weiterlesen

A high EnterpriseDT CompleteFTP vulnerability (CVE-2022-2560), which was discovered by rgod on Jun 7, 2022, just goes public today on... The post CVE-2022-2560:... weiterlesen

A high EnterpriseDT CompleteFTP vulnerability (CVE-2022-2560), which was discovered by rgod on Jun 7, 2022, just goes public today on... The post CVE-2022-2560:... weiterlesen

Samba maintainers have just released new versions of their networking software to patch 5 vulnerabilities that could allow attackers to... The post CVE-2022-32744:... weiterlesen

Samba maintainers have just released new versions of their networking software to patch 5 vulnerabilities that could allow attackers to... The post CVE-2022-32744:... weiterlesen

VMware on Tuesday announced patches for several critical and high-severity vulnerabilities affecting VMware Workspace ONE Access, Identity Manager, vRealize... weiterlesen

VMware on Tuesday announced patches for several critical and high-severity vulnerabilities affecting VMware Workspace ONE Access, Identity Manager, vRealize... weiterlesen

Cisco has released software updates that address multiple vulnerabilities in Cisco Small Business VPN routers which allow an unauthenticated, remote attacker... weiterlesen

Cisco fixes critical remote code execution vulnerability, tracked as CVE-2022-20842, impacting Small Business VPN routers. Cisco addressed a critical security... weiterlesen

Cisco on Wednesday rolled out patches to address eight security vulnerabilities, three of which could be weaponized by an unauthenticated attacker to gain... weiterlesen

Google addressed a critical vulnerability in Android OS, tracked as CVE-2022-20345, that can be exploited to achieve remote code execution over Bluetooth.... weiterlesen

Google fixes at least 27 security flaws in Chrome 104 and the browser has dropped its original API for supporting USB two-factor authentication security... weiterlesen

Google fixes at least 27 security flaws in Chrome 104 and the browser has dropped its original API for supporting USB two-factor authentication security... weiterlesen

Virtualization services provider VMware on Tuesday shipped updates to address 10 security flaws affecting multiple products that could be abused by unauthenticated... weiterlesen

Meanwhile, a security update for rsync VMware has fixed a critical authentication bypass vulnerability that hits 9.8 out of 10 on the CVSS severity scale... weiterlesen

... weiterlesen

Google released a security alert on Monday outlining the most recent batch of Android operating system upgrades. There have been fixes for thirty-two vulnerabilities,... weiterlesen

Google on Monday published a security bulletin describing the latest round of patches for the Android operating system. Three dozen vulnerabilities have... weiterlesen

The US Cybersecurity and Infrastructure Security Agency (CISA) has instructed government organizations — and advised private sector companies — to... weiterlesen

A security researcher found severe cross-site scripting (XSS) vulnerabilities in Google Cloud and Google Play.… Researcher Found XSS Flaws In Google... weiterlesen

A vulnerability, tracked as CVE-2022-30563, impacting Dahua IP Camera can allow attackers to seize control of IP cameras. The CVE-2022-30563 vulnerability... weiterlesen

US Critical Infrastructure Security Agency (CISA) adds the critical Confluence flaw, tracked as CVE-2022-26138, to its Known Exploited Vulnerabilities... weiterlesen

Threat actors are actively exploiting the recently patched critical flaw in Atlassian Confluence Server and Data Center Recenlty Atlassian released security... weiterlesen

LibreOffice maintainers addressed three security flaws in their productivity software, including an arbitrary code execution issue. LibreOffice is an open-source office... weiterlesen

Researchers found numerous security flaws in various Nuki Smart locks. Exploiting the vulnerabilities could affect… Multiple Security Flaws Found In... weiterlesen

Two potentially serious vulnerabilities that could allow threat actors to cause significant disruption have been found in a widely used industrial connectivity... weiterlesen

Two potentially serious vulnerabilities that could allow threat actors to cause significant disruption have been found in a widely used industrial connectivity... weiterlesen

Ubuntu’s beleaguered Firefox Snap package is tackling another of its long-standing drawbacks: a lack of native messaging support. This fancy feature... weiterlesen

FileWave's mobile device management (MDM) system has been found vulnerable to two critical security flaws that could be leveraged to carry out remote attacks... weiterlesen

On July 4, 2022, the Google Chrome stable channel was updated to version 103.0.5060.114. The vulnerabilities fixed by this update... The post Candiru spyware... weiterlesen

Multiple flaws in FileWave mobile device management (MDM) product exposed organizations to cyberattacks. Claroty researchers discovered two vulnerabilities... weiterlesen

Drupal development team released security updates to fix multiple issues, including a critical code execution flaw. Drupal developers have released security... weiterlesen

"Google has released security updates for Google Chrome browser for Windows, Mac and Linux, addressing vulnerabilities that could allow a remote attacker... weiterlesen

A recently patched Chrome vulnerability that appears to have been exploited by an Israeli spyware company also impacts Microsoft’s Edge and Apple’s... weiterlesen

... weiterlesen

Original Report: https://hackerone.com/reports/1524555 Impact Depending on the specific web application, HRS can lead to cache poisoning, bypassing of... weiterlesen

The Cisco Nexus Dashboard data center management solution was found to have severe vulnerabilities that Cisco has addressed recently. The total number... weiterlesen

... weiterlesen

Atlassian has fixed three critical vulnerabilities and is urging customers using Confluence, Bamboo, Bitbucket, Crowd, Fisheye and Crucible, Jira and Jira... weiterlesen

Apple released security updates to address multiple vulnerabilities that affect iOS, iPadOS, macOS, tvOS, and watchOS devices. Apple released security... weiterlesen

... weiterlesen

... weiterlesen

... weiterlesen

Cisco on Wednesday released security patches for 45 vulnerabilities affecting a variety of products, some of which could be exploited to execute arbitrary... weiterlesen

Fixes issued, warns it 'has not exhaustively enumerated all potential consequences' Atlassian has warned users of its Bamboo, Bitbucket, Confluence, Fisheye,... weiterlesen

... weiterlesen

Atlassian has patched a critical hardcoded credentials vulnerability in Confluence Server and Data Center that could let remote, unauthenticated attackers... weiterlesen

... weiterlesen

... weiterlesen

About '1.5 million' folks and organizations use these gadgets A handful of vulnerabilities, some critical, in MiCODUS GPS tracker devices could allow criminals... weiterlesen

Researchers published an analysis of the Windows remote code execution vulnerability CVE-2022-30136 impacting the Network File System. Trend Micro Research... weiterlesen

Juniper Networks has pushed security updates to address several vulnerabilities affecting multiple products, some of which could be exploited to seize... weiterlesen

A vulnerability in the Netwrix Auditor software can be exploited to execute arbitrary code on affected devices. Bishop Fox discovered a vulnerability in... weiterlesen

CISA urges admins to apply recently released fixes in Juniper Networks products, including Junos Space, Contrail Networking and NorthStar Controller. CISA... weiterlesen

Threat actors are targeting VoIP servers by exploiting a vulnerability in Digium’s software to install a web shell, Palo Alto Networks warns. Recently,... weiterlesen