Morgan Stanley confirms breach of customer SSNs via an exploit of vendor’s Accellion FTA vulnerability
Morgan Stanley has confirmed a data breach of some customer SSNs and other personal data via one if its vendor's vulnerable Accellion FTA systems.
Microsoft patches PrintNightmare vulnerability
Microsoft has patched PrintNightmare, a severe remote code execution (RCE) vulnerability that affects the Windows Print Spooler service under active attacks in the wild.
PrintNightmare: Windows Print Spooler service RCE vulnerability exploit code
Researchers have posted Proof of Concept (PoC) code dubbed PrintNightmare used to exploit a Windows Print Spooler service remote code execution (RCE) vulnerability CVE-2021-1675.
Cisco warns of active exploits against Cisco ASA XSS vulnerability (CVE-2020-3580)
Cisco issued issued an updated advisory warning of active exploits in the wild against a Cisco security appliance XSS vulnerability CVE-2020-3580. Proof of concept (PoC) exploit code has also been released to the public.
Chain of BIOSConnect vulnerabilities impact millions of Dell devices
Security researchers have discovered a chain of Dell Client BIOS (BIOSConnect feature) vulnerabilities that impact 129 Dell models and millions of Dell devices worldwide.
Attackers could have taken over an Atlassian account via one-click exploit
Cybersecurity researchers have discovered a series of chained Atlassian vulnerabilities that could have allowed an attacker to take over an Atlassian account connected via SSO and control Atlassian applications.
VMware patches Critical Carbon Black AppC authentication bypass vulnerability (CVE-2021-21998)
VMware has patched a Critical authentication vulnerability CVE-2021-21998 in VMware Carbon Black App Control (AppC). The tech giant also issued a security advisory for a High risk vulnerability in VMware Tools, VMware Remote Console for Windows (VMRC) and VMware App Volumes products.
Threat actors breach South Korean atomic research institute via VPN vulnerability
Threat actors from suspected North Korea APT group Kimsuky breached a South Korean atomic research institute via a VPN vulnerability.
Google fixes Chrome zero-day (CVE-2021-30554) exploited in the wild
Google has released Chrome 91 security update 91.0.4472.114 for Windows, Mac and Linux with fixes for multiple High severity vulnerabilities, one of those a zero-day vulnerability CVE-2021-30554 exploited in the wild.
SDK supply chain vulnerability exposes security cameras to hacking
A vulnerability in ThroughTek’s Kalay Platform software development hit (SDK) has exposed many security cameras used by original equipment manufacturers (OEMs) of consumer-grade security cameras and IoT devices.