VMware has published security fixes for its Workstation, Fusion, and ESXi products to address a heap-overflow vulnerability identified as CVE-2021-22045.
The Apache Software Foundation has published a new version 2.4.52 of the Apache HTTP Server to fix two vulnerabilities in one of the world's most popular web servers - one of which is rated as high, and the other as critical.
Organizations have been increasingly relying on cloud services from Azure, since Microsoft provides native support. As a result, CSW penetration testers have been researching various attack vectors related to Azure. Read on to find out more about their findings.
Securin researchers have developed a script to detect the JNDI vulnerability - the well-known Log4Shell-like vulnerability. Run our simple-to-use script to ensure your projects are free from JNDI injections.
Two Active Directory bugs with vulnerability-chaining capabilities allow attackers to impersonate regular domain users to gain privileges and access in unpatched Microsoft Windows Active Directory deployments.
An APT group is using CVE-2021-44077 and CVE-2021-44515 in Zoho ManageEngine ServiceDesk Plus and Desktop Central Servers to compromise businesses in a range of industries, including military and technology.
A zero-day vulnerability has been discovered in Palo Alto Networks GlobalProtect VPN that unauthenticated attackers can exploit to execute arbitrary commands on affected devices with root privileges.
“Thousands of Azure users and millions of endpoints are impacted by ‘OMIGOD’ zero-days,” was the initial outburst when the open-source vulnerabilities were disclosed. Many Azure customers are unwittingly putting themselves in danger.
On October 4, 2021, Apache announced fixes for a couple of vulnerabilities, including a zero-day flaw that affects Apache HTTP Server version 2.4.49—a widely used open-source, cross-platform web server for Unix and Windows.
The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) warned of a serious vulnerability (CVE-2021-40539) in a Zoho single sign-on and password management solution, noting that state advanced persistent threat (APT) actors are actively scanning the internet for vulnerable servers.
A critical security flaw in the Linux kernel went unpatched for 15 years until attackers used it to gain local privilege escalation, escape the Kubernetes pod, and obtain root privileges on Linux systems. Read our analysis where we look into the vulnerability’s characteristics and the impact it can have.
Two OpenSSL vulnerabilities, one remote code execution and one denial-of-service, were discovered by network-attached storage device manufacturers Synology and QNAP. The fear of a ransomware attack leveraging the vulnerabilities remains high. Here is our analysis of the vulnerabilities.