Sunday, 30 May, 2021 |
|
A new memory protection bypass vulnerability tracked as CVE-2020-15782 has been discovered in Siemens SIMATIC S7-1200 and S7-1500 CPU products. If exploited successfully, this vulnerability could allow attackers to write arbitrary data to protected memory areas or read sensitive data from the device's memory, which could lead to completely taking over the affected device.
Thursday, 27 May, 2021 |
|
Multiple vulnerabilities have been discovered in Bluetooth devices that support Bluetooth Core and Mesh Specifications. These vulnerabilities allow for impersonation attacks and AuthValue disclosure which, in practice, could allow for man in the middle attacks within the range of two vulnerable bluetooth devices. Please find below the list of vulnerabilities:
Thursday, 27 May, 2021 |
|
A new vulnerability has been discovered in Apple macOS Gatekeeper and is being exploited in the wild to target macOS users. The vulnerability has been tracked as CVE-2021-30657, and could allow attackers to bypass security checks performed by macOS to execute code on remote victims by crafting a malicious image and app file for macOS.
Thursday, 27 May, 2021 |
|
VMware has released security updates addressing two vulnerabilities affecting VMware vCenter server and VMware Cloud Foundation, which have been listed as CVE-2021-21985 and CVE-2021-21986.
Wednesday, 19 May, 2021 |
|
A new proof of concept exploit has been released for CVE-2021-31166, a remote code execution vulnerability in Microsoft's HTTP Protocol Stack that is exploitable without authentication and according to Microsoft, wormable between HTTP services. This use after free vulnerability affects the HTTP.SYS component which handles the HTTP protocol stack, specifically the http!UlpParseContentCoding method.
Thursday, 6 May, 2021 |
|
Thursday, 6 May, 2021 |
|
Tuesday, 4 May, 2021 |
|
A critical set of vulnerabilities known as "BadAlloc" have been identified affecting multiple Real Time Operating System (RTOS), Embedded Software Development Kit and libraries. The vulnerabilities have been categorized as Integer Overflow or Wraparound, and the impact can be Remote Code Execution (RCE) or Denial of Service (DoS) if such vulnerability exploited.
Thursday, 29 April, 2021 |
|
Tuesday, 27 April, 2021 |
|
Oracle released its quarterly critical patch update advisory on April 22nd 2021, addressing a total of 391 vulnerabilities on different Oracle products. It is strongly recommended to apply updates as soon as possible to prevent security incidents from happening.
Thursday, 22 April, 2021 |
|
Wednesday, 21 April, 2021 |
|
Wednesday, 21 April, 2021 |
|
Pulse Connect Secure appliances are being actively exploited in the wild by different malicious actors with different malware families. In order to compromise the Pulse Connect Secure appliances, threat actors are using different vulnerabilities in Pulse Connect Secure, including CVE-2019-11510, CVE-2020-8260, CVE-2020-8243, and a new zero-day vulnerability tracked as CVE-2021-22893.
Monday, 19 April, 2021 |
|
Wednesday, 14 April, 2021 |
|
Wednesday, 14 April, 2021 |
|
