Vulnerabilities
-
CISA and Microsoft Alert on High-Severity Vulnerability in Exchange Servers
Federal agencies are alerted to a significant vulnerability in Microsoft Exchange servers. An emergency directive from CISA requires immediate actions to mitigate risks following insights revealed at the Black Hat conference, highlighting the potential for exploitation by attackers.
-
Discovery of Malicious Go Packages Exposes Supply Chain Vulnerabilities
Recent cybersecurity research highlights a critical vulnerability in the Go programming ecosystem with the discovery of 11 malicious packages designed for covert data exfiltration on Windows and Linux systems. The malware exploits the decentralized nature of Go modules, undermining developer confidence.
-
SonicWall Addresses Surge in SSL VPN Activity Linked to Patched Vulnerability
SonicWall has confirmed that recent SSL VPN activity is linked to an older, patched vulnerability and password reuse, urging users to update firmware and reset passwords to enhance security against ongoing attacks.
-
Air France-KLM Reports Data Breach Affecting Customer Information
Air France and KLM warn of a data breach affecting customer information, while reassuring that financial data remains secure, amid rising cybersecurity threats in the aviation industry.
-
Critical Amazon ECS Vulnerability Exposed: Researchers Present ECScape Attack Method
A critical vulnerability in Amazon Elastic Container Service (ECS) has been discovered, enabling attackers to exploit an ‘end-to-end privilege escalation chain.’ Dubbed ECScape by researchers, the attack could allow malicious containers to gain higher privileges and access sensitive data within cloud environments.
-
Google Confirms Data Breach Linked to Ongoing Salesforce Attacks
Google has confirmed that it suffered a data breach linked to the ShinyHunters extortion group, amidst an ongoing series of Salesforce data theft attacks that have implicated multiple high-profile companies.
-
CISA Adds D-Link Wi-Fi Camera Vulnerabilities to Known Exploited Catalog Amid Active Threats
CISA has added three vulnerabilities affecting D-Link Wi-Fi cameras and video recorders to its KEV catalog amid warnings of active exploitation. Users are urged to take action as fixes for some issues have already been released.
-
Adobe Issues Critical Updates to Address Zero-Day Vulnerabilities in AEM Forms
Adobe has released emergency updates to address critical zero-day vulnerabilities in AEM Forms after researchers revealed proof-of-concept exploit chains that could lead to remote code execution.
-
Serious Security Vulnerabilities Found in Over 100 Dell Laptop Models
Cisco has identified serious vulnerabilities in over 100 Dell laptop models, impacting millions of devices worldwide. These flaws, which can allow attackers to control devices and access sensitive data, necessitate immediate firmware updates from affected users.
-
Google Addresses Critical Vulnerabilities in Android with August Security Updates
Google has released crucial security updates for Android, addressing multiple vulnerabilities linked to Qualcomm chipsets, including serious flaws that have been flagged as actively exploited.
