Ford SYNC 3 infotainment system Wi-Fi vulnerability discovered
Ford Motor Company has recently announced that a Wi-Fi software driver vulnerability in its Ford SYNC 3 infotainment system was discovered by a researcher.
Third-Party Security
Drupal patches Moderately Critical Guzzle third-party library vulnerabilities (CVE-2022-31042 and CVE-2022-31043)
Drupal has patched two Moderately Critical Guzzle Third-party library vulnerabilities (CVE-2022-31042 and CVE-2022-31043) that affect multiple versions of Drupal Core.
Researchers discover Critical RCE 0-day “Log4Shell” vulnerability (CVE-2021-44228) in Apache Log4j logging utility (update)
Researchers have discovered a Critical 0-day vulnerability (CVE-2021-44228) in Apache Log4j logging utility that can result in remote code execution (RCE). In addition, CISA and Microsoft also issue new guidance for log4j vulnerability remediation.
Embedded malware discovered in NPM package ua-parser-js
Embedded malware has been discovered in an NPM package ua-parser-js, a popular JavaScript library designed to detect browser, engine, OS, CPU, and device type/model from User-Agent data.
Nobelium targets CSPs, MSPs and IT organizations to launch broader attacks
Microsoft has released a new report on Nobelium that has been targeting cloud service providers (CSPs), managed service providers (MSPs) and other IT organizations in order to launch broader attacks against customers they serve.
Drupal patches 3rd-party library CKEditor vulnerabilities
Drupal has patched Moderately Critical third-party library CKEditor vulnerabilities that affect multiple versions of Drupal Core.
Drupal patches Critical third-party library vulnerability (CVE-2021-32610)
Drupal has patched a Critical third-party library vulnerability that affects multiple versions of Drupal Core. A remote attacker could exploit this vulnerability to compromise an affected system.
Attackers could have taken over an Atlassian account via one-click exploit
Cybersecurity researchers have discovered a series of chained Atlassian vulnerabilities that could have allowed an attacker to take over an Atlassian account connected via SSO and control Atlassian applications.
SDK supply chain vulnerability exposes security cameras to hacking
A vulnerability in ThroughTek’s Kalay Platform software development hit (SDK) has exposed many security cameras used by original equipment manufacturers (OEMs) of consumer-grade security cameras and IoT devices.
Drupal fixes ‘Moderately Critical’ XSS bug in CKEditor library
Drupal has patched a Moderately Critical cross-site scripting (XSS) vulnerability in Drupal Core.