A severe flaw has been found in Linux Systemd
Systemd, the Linux system and service manager, has become more prevalent than init as a Linux startup and control program. However, it has always faced criticism from some quarters. Now, after the discovery of a security bug in systemd by Qualys, systemd will have even more critics.
How bad is t...
Kaseya’s former employees claim company ignored flaws
Kaseya may be in hot water, as the fallout of the REvil attack reveals new information about the events leading up to the breach. Former employees have come forward claiming that the company knew of the flaws as early as 2017 but took no action.
The claim was made by five former employees, to Bl...
Coursera’s newly discovered flaws may have exposed private user data
It is emerging that online education provider Coursera may have exposed user data. The revelation comes after researchers at Checkmarx, an application security testing company, found vulnerabilities in Coursera's platform.
The flaws were publicized on Thursday and relate to a range of Coursera...
Cisco HyperFlex web interface has critical vulnerabilities
Cisco has revealed that there are some critical bugs in its HyperFlex hyperconverged infrastructure product. CVE-2021-1497 affects the HyperFlex HX Installer Virtual Machine and means a remote hacker could perform a command injection attack.
The attack would be targeted to hit a web management c...
VMware’s cost management tool has a vulnerable ‘unauthorized API’
VMWare has admitted that vRealize Business for Cloud includes an "unauthorized VAMPI API' that is vulnerable to hackers looking for remote code execution capabilities on the virtual appliance. The security flaw is critical and scored 9.8 on the ten-point Common Vulnerability Scoring System.
VAMI...
Spectre is back with new AMD and Intel vulnerabilities discovered
The chip vulnerability named Spectre which was first discovered in 2018 is back again. Researchers have found variants of Spectre that affect all modern x86 processors from AMD and Intel.
Researchers from the University of Virginia, and the University of California at San Diego, detailed the thr...
Chrome 90 is here with seven vulnerabilities patched
Google has finally released Chrome version 90.0.4430.85 for Windows, Mac, and Linux. The release comes with seven security fixes. One of them is a zero-day vulnerability, which was exploited in the wild. The zero-day was assigned the identifier CVE-2021-21224.
Chrome’s technical program manage...
Hackers breached Pulse Secure VPN of companies and government agencies
Suspected Chinese state-sponsored hackers exploited vulnerabilities in Pulse Secure LLC virtual private network appliances, breaching multiple U.S. government agencies.
The attacks were confirmed by FireEye, Pulse Secure itself and the U.S. Department of Homeland Security’s Cybersecurity and ...
Microsoft closes multiple zero-days in Patch Tuesday
Microsoft has released its monthly series of security updates for its software. During this round of patches, more than one hundred vulnerabilities will be closed, five of which are labelled as zero-days.
Bleeping Computer has posted an overview of all the vulnerabilities on its website. Five of...
New vulnerabilities potentially expose millions of IoT devices
Millions of IoT (Internet of Things) devices have security vulnerabilities that could allow cybercriminals to knock devices offline or control them remotely. The problem with this is that it opens the door to gain wider access to bigger networks.
Nine major vulnerabilities are affecting four TCP...
SAP: attackers only need 72 hours to turn patch into exploit
SAP warns its users to be quick about installing security patches. The company claims that attackers are able to reverse-engineer the patches at lightning speed, with the result that unpatched systems are extra vulnerable.
This is the conclusion of a report drawn up by SAP together with security...
FBI: Fortinet FortiOS vulnerabilities are actively exploited
US agencies warn that advanced persistent threat groups are exploiting Fortinet FortiOS vulnerabilities to compromise government and commercial organizations that use it. Last week, the FBI and the US Cybersecurity Infrastructure Security Agency (CISA) warned in a PDF that cybercriminals are scanni...