Category: alerts
Category Added in a WPeMatico Campaign
-
Moobot Botnet Chews Up Hikvision Surveillance Systems
Attackers are milking unpatched Hikvision video systems to drop a DDoS botnet, researchers warned. Read more
-
SonicWall Releases Security Advisory for SMA 100 Series Appliances
Original release date: December 8, 2021 SonicWall has released a security advisory to address vulnerabilities affecting SonicWall Secure Mobile Access (SMA) 100 series appliances. A remote attacker could exploit these vulnerabilities to take control of an affected system. SMA 100 series appliances provide an organization’s employees with remote access to internal resources. Note: although there… Read more
-
Critical SonicWall VPN Bugs Allow Complete Appliance Takeover
Unauthenticated, remote attackers can achieve root-level RCE on SMA 100-series appliances. Read more
-
AWS Among 12 Cloud Services Affected by Flaws in Eltima SDK
Researchers have found a number of high-security vulnerabilities in a library created by network virtualization firm Eltima, that leave about a dozen cloud services used by millions of users worldwide open to privilege-escalation attacks. That includes Amazon WorkSpaces, Accops and NoMachine, among others: all apps that enable remote desktop access by using the Eltima software… Read more
-
Windows 10 Drive-By RCE Triggered by Default URI Handler
There’s an argument injection weakness in the Windows 10/11 default handler, researchers said: an issue that Microsoft has only partially fixed. Read more
-
Zoho Releases Security Advisory for ManageEngine Desktop Central and Desktop Central MSP
Original release date: December 6, 2021 Zoho has released a security advisory to address an authentication bypass vulnerability in ManageEngine Desktop Central and Desktop Central MSP. An attacker could exploit this vulnerability to take control of an affected system. According to Zoho, this vulnerability is being actively exploited in the wild. CISA encourages users and… Read more
-
Cuba Ransomware Gang Hauls in $44M in Payouts
The gang is using a variety of tools and malware to carry out attacks in volume on critical sectors, the FBI warned. Read more
-
CISA Releases Security Advisory on WebHMI Vulnerabilities
Original release date: December 6, 2021 CISA has released an Industrial Controls Systems (ICS) advisory detailing vulnerabilities in Distributed Data Systems WebHMI products. A remote attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review ICS advisory ICSA-21-336-03 Distributed Data Systems WebHMI for more information and apply… Read more
-
Vulnerability Summary for the Week of November 29, 2021
Original release date: December 6, 2021 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info abb — rtu500_firmware Improper Input Validation vulnerability in the APDU parser in the Bidirectional Communication Interface (BCI) IEC 60870-5-104 function of Hitachi Energy RTU500 series allows an attacker to cause the receiving RTU500 CMU… Read more
-
Pegasus Spyware Infects U.S. State Department iPhones
It’s unknown who’s behind the cyberattacks against at least nine employees’ iPhones, who are all involved in Ugandan diplomacy. Read more