Collaborate Disseminate
A day after the August 2021 Patch Tuesday, Microsoft has released an out-of-band security advisory acknowledging the existence of yet another Print Spooler vulnerability (CVE-2021-36958). Its discovery has been attributed to Victor Mata of FusionX, Acc… Continue reading Microsoft confirms another Windows Print Spooler bug, offers workaround (CVE-2021-36958)
A vulnerability (CVE-2021-33909) in the Linux kernel’s filesystem layer that may allow local, unprivileged attackers to gain root privileges on a vulnerable host has been unearthed by researchers. “Qualys security researchers have been able to in… Continue reading Researchers flag 7-years-old privilege escalation flaw in Linux kernel (CVE-2021-33909)
Security researchers have unearthed new elevation of privilege (EoP) bugs in Windows Print Spooler, one of the oldest Windows components. Scarce details have been shared about the first one (CVE-2021-34481), aside from the note that it “exists wh… Continue reading There are new unpatched bugs in Windows Print Spooler
CVE-2021-1675, a Windows Print Spooler vulnerability that Microsoft patched in June 2021, presents a much greater danger than initially thought: researchers have proved that it can be exploited to achieve remote code execution and – what’s … Continue reading PoC for critical Windows Print Spooler flaw leaked (CVE-2021-1675)
Attackers and bug hunters are leveraging an exploit for CVE-2020-3580 to compromise vulnerable security devices running Cisco ASA or FTD software. Active attacks apparently started after Positive Technologies researchers shared proof-of-concept (PoC) e… Continue reading Cisco security devices targeted with CVE-2020-3580 PoC exploit
In the wake of the Microsoft Exchange ProxyLogon zero-day and F5 BIG-IP security exploits earlier this year, many are questioning if and when should researchers publish proof of concepts for vulnerabilities and associated patches. Hafnium hackers were … Continue reading Is it OK to publish PoC exploits for vulnerabilities and patches?
There’s nothing quite like an actual proof-of-concept to make everyone listen. I was pleased by the PoC released by Google security engineers Stephen Röttger and Artur Janc earlier this month – in a nutshell, they showed how the Spectre vulnerabi… Continue reading Using memory encryption in web applications to help reduce the risk of Spectre attacks
Microsoft Exchange servers around the world are still getting compromised via the ProxyLogon (CVE-2021-26855) and three other vulnerabilities patched by Microsoft in early March. While the initial attacks were attributed by Microsoft to a threat actor … Continue reading As attacks on Exchange servers escalate, Microsoft investigates potential PoC exploit leak
The day after VMware released fixes for a critical RCE flaw (CVE-2021-21972) found in a default vCenter Server plugin, opportunistic attackers began searching for publicly accessible vulnerable systems. We’ve detected mass scanning activity targeting vulnerable VMware vCenter servers (https://t.co/t3Gv2ZgTdt). Query our API for “tags=CVE-2021-21972” for relevant indicators and source IP addresses. #threatintel https://t.co/AcSZ40U5Gp — Bad Packets (@bad_packets) February 24, 2021 “In our opinion, the RCE vulnerability in the vCenter Server can pose no less a … More
The post Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP! appeared first on Help Net Security.
Light-equipped bike helmets are now fairly common, but most of them still have to be plugged into a charger, and manually turned on and off as needed. The just-announced Omne Eternal, however, lets ambient light do all the work.Continue ReadingCategory… Continue reading Tail-light-packin’ helmet is powered and activated by ambient light