Our news
-
VMware Releases Security Updates
Original release date: June 23, 2021 VMware has released security updates to address vulnerabilities in the VMware Carbon Black App Control management server as well as VMware Tools for Windows, VMware Remote Console for Windows, and VMware App Volumes. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users…
-
Unpatched Linux Marketplace Bugs Allow Wormable Attacks, Drive-By RCE
A pair of zero-days affecting Pling-based marketplaces could allow for some ugly attacks on unsuspecting Linux enthusiasts — with no patches in sight.
-
SonicWall ‘Botches’ October Patch for Critical VPN Bug
Company finally rolls out the complete fix this week for an RCE flaw affecting some 800,000 devices that could result in crashes or prevent users from connecting to corporate resources.
-
Cryptominers Slither into Python Projects in Supply-Chain Campaign
These code bombs lurk in the PyPI package repository, waiting to be inadvertently baked into software developers’ applications.
-
Email Bug Allows Message Snooping, Credential Theft
A year-old proof-of-concept attack that allows an attacker to bypass TLS email protections to snoop on messages has been patched.
-
Lexmark Printers Open to Arbitrary Code-Execution Zero-Day
“No remedy available as of June 21, 2021,” according to the researcher who discovered the easy-to-exploit, no-user-action-required bug.
-
Bugs in NVIDIA’s Jetson Chipset Opens Door to DoS Attacks, Data Theft
Chipmaker patches nine high-severity bugs in its Jetson SoC framework tied to the way it handles low-level cryptographic algorithms.
-
Agent Tesla RAT Returns in COVID-19 Vax Phish
An unsophisticated campaign shows that the pandemic still has long legs when it comes to being social-engineering bait.
-
iPhone Wi-Fi Crushed by Weird Network
… until you reset network settings and stop connecting to a weirdly named network, that is. FUD is spreading. iOS Wi-Fi demolition is not.
-
Vulnerability Summary for the Week of June 14, 2021
Original release date: June 21, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info bloofox — bloofoxcms bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files). 2021-06-16 7.5 CVE-2020-35760 MISC google — android In avrc_msg_cback of avrc_api.cc, there is…