vulnerability
Cacti servers under attack by attackers exploiting CVE-2022-46169
If you’re running the Cacti network monitoring solution and you haven’t updated it since early December, now is the time to do it to foil attackers exploiting a …
Vulnerabilities in cryptographic libraries found through modern fuzzing
Recently patched vulnerabilities in MatrixSSL and wolfSSL, two open-source TLS/SSL implementations / libraries for embedded environments, have emphasized the great potential …
FortiOS flaw was exploited to compromise governmental targets (CVE-2022-42475)
A critical vulnerability in FortiOS SSL-VPN (CVE-2022-42475) that Fortinet has issued patches for in November 2022 has been exploited by attackers to compromise governmental …
Critical vulnerabilities in Siemens PLC devices could allow bypass of protected boot features (CVE-2022-38773)
Red Balloon Security disclosed multiple, critical architectural vulnerabilities in the Siemens SIMATIC and SIPLUS S7-1500 Series PLC that allow for bypass of all protected …
Cisco won’t fix router flaws even though PoC exploit is available (CVE-2023-20025, CVE-2023-20026)
Cisco has acknowledged one critical (CVE-2023-20025) and two medium-severity (CVE-2023-20026, CVE-2023-20045) vulnerabilities affecting some of its Small Business series of …
Crypto audit of Threema revealed many vulnerabilities
Researchers have discovered cryptographic vulnerabilities in Swiss-based secure messaging application Threema that may have allowed attackers to do things like break …
Open source vulnerabilities add to security debt
The number of open source vulnerabilities that Mend identified and added to its vulnerability database in the first nine months of 2022 was 33 percent greater than the first …
State-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP! (CVE-2022-27518)
An unauthenticated remote code execution flaw (CVE-2022-27518) is being leveraged by a Chinese state-sponsored group to compromise Citrix Application Delivery Controller (ADC) …
Critical FortiOS pre-auth RCE vulnerability exploited by attackers (CVE-2022-42475)
A critical RCE vulnerability (CVE-2022-42475) in Fortinet’s operating system, FortiOS, is being exploited by attackers, reportedly by a ransomware group. “Fortinet …
24% of technology applications contain high-risk security flaws
With, arguably, a higher proportion of applications to contend with than other industries, tech firms would benefit from implementing improved secure coding training and …
Vulnerability with public PoC affects Cisco IP phones, fix unavailable (CVE-2022-20968)
A high-risk stack overflow vulnerability (CVE-2022-20968) may allow attackers to DoS or possibly even execute code remotely on Cisco 7800 and 8800 Series IP phones, the …
Research reveals where 95% of open source vulnerabilities lie
New research from Endor Labs offers a view into the rampant but often unmonitored use of existing open-source software in application development and the dangers arising from …