On Friday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), citing indications of ongoing exploitation, added a previously disclosed significant vulnerability affecting Atlassian’s Bitbucket…
Vulnerabilities
There are two fresh zero-days for Exchange Server
As it investigates (yep, more) reported vulnerabilities in Microsoft Exchange Server that affect the 2013, 2016, and 2019 editions of the software, Microsoft has released…
SolarMarker Attack Uses Vulnerable WordPress Sites and False Chrome Updates
As part of a novel strategy in its watering-hole attacks, the SolarMarker attack group is luring victims into downloading fake Chrome browser updates by…
A new 0-day RCE vulnerability in Microsoft Exchange Server was used in a new attack campaign
While providing security monitoring and incident response services around the beginning of August 2022, the GTSC SOC team learned that a critical infrastructure was…
Critical WhatsApp bugs might have enabled remote device hacking by attackers
Two WhatsApp bugs for Android and iOS that might allow remote code execution on vulnerable devices have been fixed with security updates. One of…
Java template framework Pebble vulnerable to command injection
The problem has not yet been fixed, although workarounds are available. Pebble, a Java templating engine, had a vulnerability that might let attackers…
Critical Vulnerability in Oracle Cloud Infrastructure Revealed by Researchers
A new, serious Oracle Cloud Infrastructure (OCI) vulnerability has been revealed that users could exploit to gain access to the virtual disks of other…
350k open-source repositories still contain the 2007 tarfile path traversal flaw
A warning was chosen in preference to a patch and added to the Python documentation. Security experts estimate that a 15-year-old path traversal vulnerability in…
Aircraft WiFi Devices Found to Have Vulnerabilities, Exposing Passengers’ Data
Two serious vulnerabilities were discovered in wireless LAN equipment that is supposedly used to provide internet connectivity on flights. The Flexlan…
New vulnerabilities reported in Baxter’s internet-connected infusion pumps
Baxter’s internet-connected infusion pumps, used in clinical settings by healthcare providers to administer medication to patients, have been found to contain a number of…