Our news
-
Pulse Secure VPNs Get a Fix for Critical Zero-Day Bugs
The security flaw tracked as CVE-2021-22893 is being used by at least two APTs likely linked to China, to attack U.S. defense targets among others.
-
Apple Fixes Zero‑Day Security Bugs Under Active Attack
On Monday, Apple released a quartet of unscheduled updates for iOS, macOS, and watchOS, slapping security patches on flaws in its WebKit browser engine.
-
Hundreds of Millions of Dell Users at Risk from Kernel-Privilege Bugs
The privilege-escalation bug remained hidden for 12 years and has been present in all Dell PCs, tablets and notebooks shipped since 2009.
-
New Attacks Slaughter All Spectre Defenses
The 3+ years computer scientists spent concocting ways to defend against these supply-chain attacks against chip architecture? It’s bound for the dustbin.
-
Hewlett Packard Enterprise Plugs Critical Bug in Edge Platform Tool
Researchers warned that unpatched versions of HPE’s Edgeline Infrastructure Manager are open to remote authentication-bypass attacks.
-
Ivanti Releases Pulse Secure Security Update
Original release date: May 3, 2021 Ivanti has released a security update to address vulnerabilities affecting Pulse Connect Secure (PCS) software outlined in CVE-2021-22893. An attacker could exploit these vulnerabilities to gain system access and take control of an affected system. In response, CISA released AA21-110A: Exploitation of Pulse Connect Secure Vulnerabilities on April 20…
-
Vulnerability Summary for the Week of April 26, 2021
Original release date: May 3, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info avaya — session_border_controller_for_enterprise A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow an authenticated, remote attacker to send specially crafted messages and execute arbitrary commands with the affected system privileges.…
-
Microsoft Warns of 25 Critical Vulnerabilities in IoT, Industrial Devices
Azure Defender security team discovers that memory allocation is a systemic problem that can allow threat actors to execute malicious code remotely or cause entire systems to crash.
-
F5 Big-IP Vulnerable to Security-Bypass Bug
The KDC-spoofing flaw tracked as CVE-2021-23008 can be used to bypass Kerberos security and sign into the Big-IP Access Policy Manager or admin console.
-
Codecov Releases New Detections for Supply Chain Compromise
Original release date: April 30, 2021 CISA is aware of a compromise of the Codecov software supply chain in which a malicious threat actor made unauthorized alterations of Codecov’s Bash Uploader script, beginning on January 31, 2021. Upon discovering the compromise on April 1, 2021, Codecov immediately remediated the affected script. On April 15, 2021,…