Author: DEFENDEDGE
-
Zero-Day Used to Wipe My Book Live Devices
Threat actors may have been duking it out for control of the compromised devices, first using a 2018 RCE, then password-protecting a new vulnerability. Read more
-
PoC Exploit Circulating for Critical Windows Print Spooler Bug
The “PrintNightmare” bug may not be fully patched, some experts are warning, leaving the door open for widespread remote code execution attacks. Read more
-
Microsoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks
The bug in Edge’s auto-translate could have let remote attackers pull off RCE on any foreign-language website just by sending a message with an XSS payload. Read more
-
CISA Begins Cataloging Bad Practices that Increase Cyber Risk
Original release date: June 29, 2021. In a blog post by Executive Assistant Director (EAD) Eric Goldstein, CISA announced the creation of a catalog to document bad cybersecurity practices that are exceptionally risky for any organization and especially dangerous for those supporting designated Critical Infrastructure or National Critical Functions. While extensive guidance on cybersecurity “best practices” exists,… Read more
-
Details of RCE Bug in Adobe Experience Manager Revealed
Details of a bug in Adobe’s content-management solution – used by Mastercard, LinkedIn and PlayStation – were released. Read more
-
NVIDIA Patches High-Severity GeForce Spoof-Attack Bug
A vulnerability in NVIDIA’s GeForce Experience software opens the door to remote data access, manipulation and deletion. Read more
-
Vulnerability Summary for the Week of June 21, 2021
Original release date: June 28, 2021. High Vulnerabilities (columns: Primary Vendor — Product; Description; Published; CVSS Score; Source & Patch Info). apache — nuttx: Apache Nuttx Versions prior to 10.1.0 are vulnerable to integer wrap-around in functions malloc, realloc and memalign. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior… Read more
-
Cisco ASA Bug Now Actively Exploited as PoC Drops
In-the-wild XSS attacks have commenced against the security appliance (CVE-2020-3580), as researchers publish exploit code on Twitter. Read more
-
My Book Live Users Wake Up to Wiped Devices, Active RCE Attacks
“I am totally screwed,” one user wailed after finding years of data nuked. Western Digital advised yanking the NAS storage devices offline ASAP: There’s an exploit. Read more
-
Citrix Releases Security Updates for Hypervisor
Original release date: June 25, 2021. Citrix has released security updates to address vulnerabilities in Hypervisor. An attacker could exploit these vulnerabilities to cause a denial-of-service condition. CISA encourages users and administrators to review Citrix Security Update CTX316325 and apply the necessary updates. Read more