Veeam ONE for IT monitoring contains critical vulnerabilities
Three patches should address four vulnerabilities in Veeam ONE. Veeam itself marks two of the vulnerabilities as critical.
Two vulnerabilities in Veeam ONE receive close to the maximum CVSS score from Veeam. Abuse of one vulnerability enables hackers to perform remote code execution and the other ...
CVSS 4.0 vulnerability scoring system incorporates OT, ICS and IoT
The global vulnerability scoring system is getting a new version after eight years. CVSS 4.0 includes a focus on the cybersecurity of OT, ICS and IoT.
CVSS 4.0 has been officially released by the Forum of Incident Response and Security Teams (FIRST). The scoring system is mostly known under the...
Microsoft closes vulnerabilities in WordPad and Skype for Business
With the new Patch Tuesday, Microsoft is addressing 103 vulnerabilities in its products.
Of the 103 vulnerabilities that have been patched, Microsoft says three are classed as very critical. These vulnerabilities are reportedly already being actively exploited by hackers.
First and foremost i...
Hackers continue to target Citrix NetScaler vulnerability on a massive scale
The CVE-2023-3519 vulnerability in Citrix NetScaler gateways discovered in September is currently being exploited by hackers on a massive scale.
So say researchers at IBM X-Force. Currently, around 600 unique IP addresses are said to have been detected, indicating that hackers are taking advant...
Atlassian patches highly critical zero-day in Confluence software
Atlassian recently released some emergency patches for a highly critical zero-day vulnerability in its Confluence DataCenter and Server software. Hackers have already exploited the vulnerability.
According to Atlassian, this zero-day vulnerability is part of Confluence DataCenter and Server inst...
Hackers can take over Supermicro’s BMCs
Seven vulnerabilities have been found in Supermicro's baseboard management controllers (BMCs). Hackers can exploit these to gain complete control. Although the patches have been released, the vulnerabilities may persist for a long time because these will not be forced through.
According to Supe...
Cisco routers vulnerable due to replacing firmware with backdoor version
The U.S. government is warning about the China-affiliated Blacktech hacker gang replacing firmware in edge devices with its own backdoor version. Cisco routers in particular are vulnerable.
The U.S. NSA, FBI, regulator CISA and Japanese police are warning about the activities of the Blacktech ha...
Researchers denounce Apple and Google for improperly classifying zero-days
Recently, both Apple and Google patched zero-day vulnerabilities in their software. What was not clear from their disclosures, however, was that both were caused by the exact same bug in the WebP image format. Researchers at Rezilion argue that the tech companies' brevity surrounding these vulnerab...
Microsoft discovers vulnerabilities in ‘ncurses’ programming library
Security specialists at Microsoft recently discovered several vulnerabilities in the popular 'ncurses' library. Through these vulnerabilities, attackers can run malicious code in macOS, Linux and FreeBSD applications. A patch is available.
The widely used programming library 'ncurses' provides A...
Latest Microsoft Patch Tuesday fixes two actively abused exploits
The latest Microsoft Patch Tuesday provides fixes for two active exploits and five other security vulnerabilities. A total of 59 fixes for various Microsoft products have been implemented.
The most recent Patch Tuesday for September 2023 addressed two actively abused exploits, according to Micro...