Tag Archives: vulnerabilities

Critical takeover vulnerabilities in 92,000 D-Link devices under active exploitation

Getty Images reader comments 23 Hackers are actively exploiting a pair of recently discovered vulnerabilities to remotely commandeer network-attached storage devices manufactured by D-Link, researchers said Monday. Roughly 92,000 devices are vulnerable to the remote takeover exploits, which can be remotely transmitted by sending malicious commands through simple HTTP traffic. The vulnerability came to light… Read More »

VMware sandbox escape bugs are so critical, patches are released for end-of-life products

Getty Images reader comments 11 VMware is urging customers to patch critical vulnerabilities that make it possible for hackers to break out of sandbox and hypervisor protections in all versions, including out-of-support ones, of VMware ESXi, Workstation, Fusion, and Cloud Foundation products. A constellation of four vulnerabilities—two carrying severity ratings of 9.3 out of a… Read More »

Critical vulnerability affecting most Linux distros allows for bootkits

reader comments 10 Linux developers are in the process of patching a high-severity vulnerability that, in certain cases, allows the installation of malware that runs at the firmware level, giving infections access to the deepest parts of a device where they’re hard to detect or remove. The vulnerability resides in shim, which in the context… Read More »

As if two Ivanti vulnerabilities under exploit weren’t bad enough, now there are 3

reader comments 12 Mass exploitation began over the weekend for yet another critical vulnerability in widely used VPN software sold by Ivanti, as hackers already targeting two previous vulnerabilities diversified, researchers said Monday. The new vulnerability, tracked as CVE-2024-21893, is what’s known as a server-side request forgery. Ivanti disclosed it on January 22, along with… Read More »

New UEFI vulnerabilities send firmware devs industry wide scrambling

Nadezhda Kozhedub reader comments 56 UEFI firmware from five of the leading suppliers contains vulnerabilities that allow attackers with a toehold in a user’s network to infect connected devices with malware that runs at the firmware level. The vulnerabilities, which collectively have been dubbed PixieFail by the researchers who discovered them, pose a threat mostly… Read More »

ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation

Getty Images reader comments 33 with Security researchers are tracking what they say is the “mass exploitation” of a security vulnerability that makes it possible to take full control of servers running ownCloud, a widely used open-source filesharing server app. The vulnerability, which carries the maximum severity rating of 10, makes it possible to obtain… Read More »

Critical vulnerability in Atlassian Confluence server is under “mass exploitation”

reader comments 17 with A critical vulnerability in Atlassian’s Confluence enterprise server app that allows for malicious commands and reset servers is under active exploitation by threat actors in attacks that install ransomware, researchers said. “Widespread exploitation of the CVE-2023-22518 authentication bypass vulnerability in Atlassian Confluence Server has begun, posing a risk of significant data… Read More »

The latest high-severity Citrix vulnerability under attack isn’t easy to fix

Getty Images reader comments 7 with A critical vulnerability that hackers have exploited since August, which allows them to bypass multifactor authentication in Citrix networking hardware, has received a patch from the manufacturer. Unfortunately, applying it isn’t enough to protect affected systems. The vulnerability, tracked as CVE-2023-4966 and carrying a severity rating of 9.8 out… Read More »

Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability

reader comments 16 with Thousands of sites running the WordPress content management system have been hacked by a prolific threat actor that exploited a recently patched vulnerability in a widely used plugin. The vulnerable plugin, known as tagDiv Composer, is a mandatory requirement for using two WordPress themes: Newspaper and Newsmag. The themes are available… Read More »

Vulnerabilities in Supermicro BMCs could allow for unkillable server rootkits

Getty Images reader comments 32 with If your organization uses servers that are equipped with baseboard management controllers from Supermicro, it may be time, once again, to patch seven high-severity vulnerabilities that attackers could exploit to gain control of them. And sorry, but the fixes must be installed manually. Typically abbreviated as BMCs, baseboard management… Read More »