June 2021

Cisco warns of active exploits against Cisco ASA XSS vulnerability (CVE-2020-3580)

Cisco issued an updated advisory warning of active exploits in the wild against a Cisco security appliance XSS vulnerability CVE-2020-3580. Proof of concept (PoC) exploit code has also been released to the public.

Chain of BIOSConnect vulnerabilities impact millions of Dell devices

Security researchers have discovered a chain of Dell Client BIOS (BIOSConnect feature) vulnerabilities that impact 129 Dell models and millions of Dell devices worldwide.

Attackers could have taken over an Atlassian account via one-click exploit

Cybersecurity researchers have discovered a series of chained Atlassian vulnerabilities that could have allowed an attacker to take over an Atlassian account connected via SSO and control Atlassian applications.

VMware patches Critical Carbon Black AppC authentication bypass vulnerability (CVE-2021-21998)

VMware has patched a Critical authentication vulnerability CVE-2021-21998 in VMware Carbon Black App Control (AppC). The tech giant also issued a security advisory for a High risk vulnerability in VMware Tools, VMware Remote Console for Windows (VMRC) and VMware App Volumes products.

Google fixes Chrome zero-day (CVE-2021-30554) exploited in the wild

Google has released Chrome 91 security update 91.0.4472.114 for Windows, Mac and Linux with fixes for multiple High severity vulnerabilities, including a zero-day vulnerability, CVE-2021-30554, exploited in the wild.

SDK supply chain vulnerability exposes security cameras to hacking

A vulnerability in ThroughTek’s Kalay Platform software development kit (SDK) has exposed many security cameras used by original equipment manufacturers (OEMs) of consumer-grade security cameras and IoT devices.

Thousands of unpatched VMware vCenter servers exposed on the internet

Security researchers have spotted thousands of vulnerable unpatched VMware vCenter servers exposed on the internet. Multiple proof-of-concepts (PoCs) have also been posted online for exploits against a remote code execution (RCE) vulnerability CVE-2021-21985.
