Microsoft October 2022 Patch Tuesday fixes zero-day used in attacks, 84 flaws
This month's Patch Tuesday fixes two publicly zero-day vulnerabilities, one actively exploited in attacks and one publicly disclosed.
Read More...
Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox
In light of the critical nature of the vulnerability, users are recommended to update to the latest version as soon as possible to mitigate possible threats.
Read More...
Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities
Successful weaponization of the flaws could enable an authenticated attacker to chain the two vulnerabilities to achieve remote code execution on the underlying server
Read More...
BlackByte Ransomware Abuses Vulnerable Windows Driver to Disable Security Solutions
An analysis of the ransomware sample has uncovered multiple similarities between the EDR bypass implementation and that of a C-based open-source tool called EDRSandblast, designed to abuse vulnerable signed drivers to evade detection.
Read More...
Fortinet warns admins to patch critical auth bypass bug immediately
An authentication bypass using an alternate path or channel [CWE-88] in FortiOS and FortiProxy may allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests
Read More...
CISA: Hackers exploit critical Bitbucket Server flaw in attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added three more security flaws to its list of bugs exploited in attacks, including a Bitbucket Server RCE and two Microsoft Exchange zero-days.
Read More...
New malware backdoors VMware ESXi servers to hijack virtual machines
With the help of malicious vSphere Installation Bundles, the attacker could install on the bare-metal hypervisor two backdoors
Read More...
New Microsoft Exchange zero-day actively exploited in attacks
The vulnerability turns out to be so critical that it allows the attacker to do RCE on the compromised system
Read More...
Sophos warns of new firewall RCE bug exploited in attacks
Tracked as CVE-2022-3236, the flaw was found in the User Portal and Webadmin of Sophos Firewall, allowing attackers to perform remote code execution (RCE)
Read More...
CISA Warns of Hackers Exploiting Recent Zoho ManageEngine Vulnerability
Zoho has warned of the public availability of a proof-of-concept (PoC) exploit for the vulnerability
Read More...