Vulnerabilities & Exploits Archives - Page 17 of 106

Emotet botnet reemerges with new threat behaviors

Cybersecurity Attacks, Malware, Vulnerabilities & Exploits / Frank Crast / May 4, 2022 / AppX, botnet, Emotet, malware, TA542, XLL

Researchers from Proofpoint have observed the reemergence of Emotet botnet that has exhibited new behaviors in using new attack techniques.

Emotet botnet reemerges with new threat behaviors Read More »

The Top 15 mostly commonly exploited vulnerabilities in 2021

Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / May 2, 2022 / CVE-2018-13379, CVE-2019-11510, CVE-2020-0688, CVE-2020-1472, CVE-2021-21972, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-31207, CVE-2021-34473, CVE-2021-34523, CVE-2021-40539, CVE-2021-44228, log4Shell, ProxyLogon, ProxyShell, Zerologon

The Cybersecurity Advisory (CSA) published details on the top 15 vulnerabilities most routinely exploited by malicious cyber actors in 2021. Common CVEs include Log4Shell, ProxyLogon, ProxyShell, ZeroLogon and others.

The Top 15 mostly commonly exploited vulnerabilities in 2021 Read More »

Cisco issues security updates for Spring Framework, Firepower and IOS XR software

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / April 29, 2022 / Cisco, Firepower, IOS XR, Spring, Spring4Shell

Cisco has released a security updates for Spring Framework (“Spring4Shell”), Firepower Management Center (FMC) and IOS XR software that address Critical and High severity vulnerabilities.

Cisco issues security updates for Spring Framework, Firepower and IOS XR software Read More »

Millions of Java apps still vulnerable to Log4Shell

Vulnerabilities & Exploits / Frank Crast / April 29, 2022 / Apache, CVE-2021-44228, Log4j, log4Shell, Rezilion

Researchers have found millions of Java applications still vulnerable in the wild to the infamous Log4Shell vulnerability CVE-2021-44228, more than four months after the severe flaw was discovered.

Millions of Java apps still vulnerable to Log4Shell Read More »

security, professional, secret-5199239.jpg

Microsoft discovers Nimbuspwn Linux vulnerabilities

Vulnerabilities & Exploits / Frank Crast / April 26, 2022 / CVE-2022-29799, CVE-2022-29800, kernel, Linux, Microsoft, Nimbuspwn

Microsoft researchers have discovered a collection of Linux vulnerabilities dubbed Nimbuspwn that could lead to privilege escalation as root on Linux desktop systems.

Microsoft discovers Nimbuspwn Linux vulnerabilities Read More »

Google releases Chrome 101 security update with fixes for 30 vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / April 26, 2022 / Chrome, Chrome101, CVE-2022-1477, CVE-2022-1478, CVE-2022-1479, CVE-2022-1480, CVE-2022-1481, CVE-2022-1482, CVE-2022-1483

Google has released Chrome 101.0.4951.41 for Windows, Mac and Linux with fixes for 30 vulnerabilities, to include seven rated High severity.

Google releases Chrome 101 security update with fixes for 30 vulnerabilities Read More »

CISA adds 7 vulnerabilities to Known Exploited Vulnerabilities Catalog (to include Dirty Pipe Linux kernel vulnerability)

Vulnerabilities & Exploits, Zero-days / Frank Crast / April 26, 2022 / CISA, CVE-2022-0847, CVE-2022-21919, CVE-2022-26904, CVE-2022-29464, Dirty Pipe

The Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its Known Exploited Vulnerabilities Catalog, to include Dirty Pipe vulnerability and a Windows zero-day patched earlier this month.

CISA adds 7 vulnerabilities to Known Exploited Vulnerabilities Catalog (to include Dirty Pipe Linux kernel vulnerability) Read More »

Oracle Critical Patch Update for April 2022

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / April 20, 2022 / CVE-2022-22965, CVE-2022-23305, Database, Java, MySQL, Oracle, Spring Framework, Spring4Shell

Oracle has released its Critical Patch Update for April 2022 to include 520 vulnerability fixes across multiple products. The updates also include fixes for Log4j and Spring Framework vulnerabilities.

Oracle Critical Patch Update for April 2022 Read More »

CISA adds 9 vulnerabilities to Known Exploited Vulnerabilities Catalog (to include new Chrome zero-day)

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / April 15, 2022 / Chrome, CVE-2022-1364, CVE-2022-22960, VMware, Workspace ONE

The Cybersecurity and Infrastructure Security Agency (CISA) has added 9 vulnerabilities to its Known Exploited Vulnerabilities Catalog. The issues include recently patched Chrome zero-day CVE-2022-1364.

CISA adds 9 vulnerabilities to Known Exploited Vulnerabilities Catalog (to include new Chrome zero-day) Read More »

Google releases Chrome 100 security update with fix for zero-day vulnerability (CVE-2022-1364) exploited in the wild

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / April 15, 2022 / Chrome, Chrome 100, CVE-2022-1096, CVE-2022-1364, Google, JavaScript, V8

Google has released Chrome 100.0.4896.127 for Windows, Mac and Linux with fixes for two vulnerabilities, to include one zero-day (CVE-2022-1364) exploited in the wild.

Google releases Chrome 100 security update with fix for zero-day vulnerability (CVE-2022-1364) exploited in the wild Read More »