Vulnerabilities
Vulnerabilities | News, how-tos, features, reviews, and videos
Unpatched old vulnerabilities continue to be exploited: Report
The top five exploited vulnerabilities in 2022 include several high-severity flaws in Microsoft Exchange, Zoho ManageEngine products, and virtual private network solutions from Fortinet, Citrix and Pulse Secure.
Researchers show techniques for malware persistence on F5 and Citrix load balancers
Tests show that deploying malware in a persistent manner on load balancer firmware is within reach of less sophisticated attackers.
New speculative execution attack Retbleed impacts Intel and AMD CPUs
Unlike other speculative execution attacks like Spectre, Retbleed exploits return instructions rather than indirect jumps or calls.
Cisco reports vulnerabilities in products including email and web manager
New vulnerabilities found in Cisco internal testing allow remote access and scripting that could lead to the loss of sensitive user data.
Microsoft security vulnerabilities drop after five-year rise
While elevated privilege attacks remain a critical security concern when using Microsoft products, a new report says that the raw number of vulnerabilities is dropping.
CISA issues emergency warning over two new VMware vulnerabilities
The U.S. Cybersecurity and Infrastructure Agency issues emergency security directive over VMware vulnerabilities CVE-2022-22972 and CVE-2022-22973, which threat actors are likely to exploit.
TLS implementation flaws open Aruba and Avaya network switches to RCE attacks
The network switch vulnerabilities are considered critical and could allow attackers to break network segmentation, exfiltrate data, and escape captive portals.
CISA warns of attacks against internet-connected UPS devices
Threat actors have targeted power supplies whose control interfaces are connected to the internet, and CISA says that they should be disconnected immediately.
New attack bypasses hardware defenses for Spectre flaw in Intel and ARM CPUs
Though not as easy to exploit, this proof of concept shows that some Intel and ARM processors are still vulnerable to side-channel attacks.
Critical flaws in APC uninterruptible power supplies poses risks to mission-critical devices
Attackers can exploit cloud-connected APC Smart-UPS units to take control of the devices they protect.
Critical flaws in remote management agent impacts thousands of medical devices
The Axeda platform, used by hundreds of IoT devices, has seven vulnerabilities, three of which allow for remote code execution.
Access broker found exploiting Log4j vulnerability in VMware
The Prophet Spider gang uses the Log4Shell vulnerability to target the Tomcat service in unpatched VMware Horizon systems.