Morgan Stanley confirms breach of customer SSNs via an exploit of vendor’s Accellion FTA vulnerability

Morgan Stanley has confirmed a data breach of some customer SSNs and other personal data via one of its vendor's vulnerable Accellion FTA systems.

Cisco warns of active exploits against Cisco ASA XSS vulnerability (CVE-2020-3580)

Cisco issued an updated advisory warning of active exploits in the wild against a Cisco security appliance XSS vulnerability, CVE-2020-3580. Proof of concept (PoC) exploit code has also been released to the public.

Attackers could have taken over an Atlassian account via one-click exploit

Cybersecurity researchers have discovered a series of chained Atlassian vulnerabilities that could have allowed an attacker to take over an Atlassian account connected via SSO and control Atlassian applications.

VMware patches Critical Carbon Black AppC authentication bypass vulnerability (CVE-2021-21998)

VMware has patched a Critical authentication vulnerability CVE-2021-21998 in VMware Carbon Black App Control (AppC). The tech giant also issued a security advisory for a High risk vulnerability in VMware Tools, VMware Remote Console for Windows (VMRC) and VMware App Volumes products.

Google fixes Chrome zero-day (CVE-2021-30554) exploited in the wild

Google has released Chrome 91 security update 91.0.4472.114 for Windows, Mac and Linux with fixes for multiple High severity vulnerabilities, one of them a zero-day vulnerability, CVE-2021-30554, exploited in the wild.
