Getty Images reader comments 32 Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years in attacks that targeted a vast array of organizations with a previously undocumented tool, the software maker disclosed Monday. When Microsoft patched the vulnerability in October 2022—at least two years after it came under attack by the Russian ..
Tag : Vulnerabilities
reader comments 22 Highly capable hackers are rooting multiple corporate networks by exploiting a maximum-severity zero-day vulnerability in a firewall product from Palo Alto Networks, researchers said Friday. The vulnerability, which has been under active exploitation for at least two weeks now, allows the hackers with no authentication to execute malicious code with root privileges, ..
Getty Images reader comments 46 Hackers are actively exploiting a pair of recently discovered vulnerabilities to remotely commandeer network-attached storage devices manufactured by D-Link, researchers said Monday. Roughly 92,000 devices are vulnerable to the remote takeover exploits, which can be remotely transmitted by sending malicious commands through simple HTTP traffic. The vulnerability came to light ..
Getty Images reader comments 5 VMware is urging customers to patch critical vulnerabilities that make it possible for hackers to break out of sandbox and hypervisor protections in all versions, including out-of-support ones, of VMware ESXi, Workstation, Fusion, and Cloud Foundation products. A constellation of four vulnerabilities—two carrying severity ratings of 9.3 out of a ..
reader comments 46 Linux developers are in the process of patching a high-severity vulnerability that, in certain cases, allows the installation of malware that runs at the firmware level, giving infections access to the deepest parts of a device where they’re hard to detect or remove. The vulnerability resides in shim, which in the context ..
Threat actors have started exploiting a critical information disclosure vulnerability in the open source file-sharing and collaboration software ownCloud only days after its public disclosure. The vulnerability, tracked as CVE-2023-49103, impacts the Graphapi app, allowing attackers to retrieve sensitive environment variables, including credentials, license keys, and other system information. Impacting Graphapi versions 0.2.0 to 0.3.0, ..
Open-source file-sharing and collaboration software ownCloud is plagued by critical vulnerabilities that could lead to the exposure of credentials and other sensitive information and to authentication and validation bypass. The most serious issue, which carries a CVSS score of 10/10, impacts the graphapi app, which uses a third-party library providing a URL that, when accessed, ..
Microsoft announced on Tuesday that it is willing to pay up to $20,000 for vulnerabilities reported as part of a new bug bounty program for Defender products. The new Microsoft Defender Bounty Program kicks off with Defender for Endpoint APIs, but the tech giant says other products in the Defender brand will be added in ..
Australian and US governmental agencies and Citrix this week issued fresh warnings on the exploitation of a critical NetScaler product vulnerability. Tracked as CVE-2023-4966 (CVSS score of 9.4) and referred to as CitrixBleed, the unauthenticated bug leads to information disclosure. It impacts Netscaler ADC and Gateway appliances that are configured as a gateway or an ..
Microsoft on Monday announced that it has paid out $63 million in rewards to the security researchers participating in its bug bounty programs. The tech giant launched its first bug bounty programs in 2013, when it was accepting reports of exploitation techniques in Windows 8.1 and flaws in the preview version of Internet Explorer 11. ..