Tag Archives: patches

Zyxel warns of vulnerabilities in a wide range of its products

Networking hardware-maker Zyxel is warning of nearly a dozen vulnerabilities in a wide array of its products. If left unpatched, some of them could enable the complete takeover of the devices, which can be targeted as an initial point of entry into large networks. The most serious vulnerability, tracked as…

Threat actors exploited Windows 0-day for more than a year before Microsoft fixed it

Threat actors carried out zero-day attacks that targeted Windows users with malware for more than a year before Microsoft fixed the vulnerability that made them possible, researchers said Tuesday. The vulnerability, present in both Windows 10 and 11, causes devices to open Internet Explorer, a legacy browser that Microsoft decommissioned…

Millions still haven’t patched Terrapin SSH protocol vulnerability

Roughly 11 million Internet-exposed servers remain susceptible to a recently discovered vulnerability that allows attackers with a foothold inside affected networks. Once they’re in, attackers compromise the integrity of SSH sessions that form the lynchpin for admins to securely connect to computers inside the cloud and other sensitive environments. Terrapin,…

The latest high-severity Citrix vulnerability under attack isn’t easy to fix

A critical vulnerability that hackers have exploited since August, which allows them to bypass multifactor authentication in Citrix networking hardware, has received a patch from the manufacturer. Unfortunately, applying it isn’t enough to protect affected systems. The vulnerability, tracked as CVE-2023-4966 and carrying a severity rating of 9.8 out…

It’s a hot 0-day summer for Apple, Google, and Microsoft security fixes

The summer patch cycle shows no signs of slowing down, with tech giants Apple, Google, and Microsoft releasing multiple updates to fix flaws being used in real-life attacks. July also saw serious bugs squashed by enterprise software firms SAP, Citrix, and Oracle. Here’s everything you need to know about the major…

Hackers are mass infecting servers worldwide by exploiting a patched hole

An explosion of cyberattacks is infecting servers around the world with crippling ransomware by exploiting a vulnerability that was patched two years ago, it was widely reported on Monday. The hacks exploit a flaw in ESXi, a hypervisor VMware sells to cloud hosts…

VMware patches vulnerability with 9.8/10 severity rating in Cloud Foundation

Exploit code was released this week for a just-patched vulnerability in VMware Cloud Foundation and NSX Manager appliances that allows hackers with no authentication to execute malicious code with the highest system privileges. VMware patched the vulnerability, tracked as CVE-2021-39144, on Tuesday and…

Critical Zoom vulnerabilities fixed last week required no user interaction

Google’s Project Zero vulnerability research team detailed critical vulnerabilities Zoom patched last week that made it possible for hackers to execute zero-click attacks that remotely ran malicious code on devices running the messaging software. Tracked as CVE-2022-22786 and CVE-2022-22784, the vulnerabilities made it possible…

Vulnerability in VMware product has severity rating of 9.8 out of 10

Data centers around the world have a new concern to contend with—a remote code vulnerability in a widely used VMware product. The security flaw, which VMware disclosed and patched on Tuesday, resides in the vCenter Server, a tool used for managing virtualization in large data…

SolarWinds patches vulnerabilities that could allow full system control

SolarWinds, the previously little-known company whose network-monitoring tool Orion was a primary vector for one of the most serious breaches in US history, has pushed out fixes for three severe vulnerabilities. Martin Rakhmanov, a researcher with Trustwave SpiderLabs, said in a blog post…