Vulnerabilities & Exploits Archives - Page 37 of 106

Malicious PyPI software packages found stealing payment card numbers and injecting code

Application Security, Malware, Vulnerabilities & Exploits / Frank Crast / August 5, 2021 / JFrog, noblesse, PyPl, Python, SDLC, ShadowHammer, Supply Chain

Security researchers have discovered malicious software packages from Python’s official third party software package repository PyPl stealing payment card numbers and injecting code.

Malicious PyPI software packages found stealing payment card numbers and injecting code Read More »

Apple fixes watchOS vulnerability (CVE-2021-30807) exploited in the wild

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / August 4, 2021 / Apple, CVE-2021-30807, watchOS

Apple has fixed a zero-day vulnerability CVE-2021-30807 in Apple watchOS 7.6.1 that is under active attack.

Apple fixes watchOS vulnerability (CVE-2021-30807) exploited in the wild Read More »

Google releases Chrome security update (92.0.4515.131) with fixes for 10 vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / August 2, 2021 / Chrome, Chrome 92, CVE-2021-30590, CVE-2021-30591, CVE-2021-30592, CVE-2021-30593, CVE-2021-30594

Google has released Chrome 92 security update (92.0.4515.131) for Windows, Mac and Linux with fixes for 10 vulnerabilities, 5 rated High severity.

Google releases Chrome security update (92.0.4515.131) with fixes for 10 vulnerabilities Read More »

NSA releases guidance on securing wireless devices in public settings

Cybersecurity Attacks, Endpoint Security, Guidelines, System Hardening, Vulnerabilities & Exploits, Wi-Fi Security / Frank Crast / August 2, 2021 / BlueBorne, Bluebugging, Bluejacking, Bluesnarfing, bluetooth, LLMNR, MFA, NFC, NIST, NSA, SP 800-121, Wi-Fi, Wireless

The National Security Agency (NSA) has released guidance on securing wireless devices in public settings for government national defense entities and the general public. The new 8-page guidance infosheet summarizes ways bad actors target wireless devices as well as good safeguards to protect against such cyberattacks. The NSA warns that although connecting to public Wi-Fi

NSA releases guidance on securing wireless devices in public settings Read More »

Top 30 most commonly exploited vulnerabilities over 2020 and 2021

Cybersecurity Attacks, Vulnerabilities & Exploits / Frank Crast / July 29, 2021 / Atlassian, BIG-IP, Citrix, CVE 2018-13379, CVE 2019-11510, CVE 2019-18935, CVE 2020-15505, CVE 2020-5902, CVE-2017-11882, CVE-2018-13379, CVE-2018-7600, CVE-2019-0604, CVE-2019-11580, CVE-2019-19781, CVE-2019-5591, CVE-2020-0787, CVE-2020-12812, CVE-2020-1472, CVE-2021-21985, CVE-2021-22894, CVE-2021-22899, CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104, Drupal, F5, Fortinet, MobileIron, Netlogon, Office, Pulse, Zerologon

Cybersecurity experts from Australia, U.K., and U.S. governments have released a list of the most commonly exploited vulnerabilities over 2020 and 2021.

Top 30 most commonly exploited vulnerabilities over 2020 and 2021 Read More »

Microsoft issues guidance on mitigating PetitPotam NTLM relay attacks

Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / July 28, 2021 / AD SC, Certificate Authority, Domain Controller, EPA, IIS, NTLM, PetitPotam, Relay Attack, SMB, Windows

Microsoft has issued guidance on mitigating PetitPotam NTLM relay attacks against Windows domain controllers or other Windows servers.

Microsoft issues guidance on mitigating PetitPotam NTLM relay attacks Read More »

Apple fixes zero-day vulnerability (CVE-2021-30807) in macOS Big Sur and iOS

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / July 27, 2021 / Apple, Big Sur, BigSur115, CVE-2021-30807, iOS, iOS147, macOS

Apple has fixed a zero-day vulnerability CVE-2021-30807 in macOS Big Sur and iOS versions that is under active attack.

Apple fixes zero-day vulnerability (CVE-2021-30807) in macOS Big Sur and iOS Read More »

Microsoft issues workaround for zero-day ‘SeriousSAM’ vulnerability

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / July 26, 2021 / ACL, CVE-2021–36934, GitHub, HiveNightmare, SAM, SeriousSAM

Microsoft has issued a workaround for a serious zero-day vulnerability CVE-2021–36934 dubbed “SeriousSAM” that could allow an attacker to read any registry hives as a non-administrator.

Microsoft issues workaround for zero-day ‘SeriousSAM’ vulnerability Read More »

Adobe fixes vulnerabilities in multiple products

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / July 23, 2021 / Adobe, Adobe Photoshop, After Effects, Audition, Character Animator, Media Encoder, Prelude, Premiere Pro

Adobe has released security updates to address multiple vulnerabilities in Adobe Photoshop, Audition, Character Animator, Prelude, Premiere Pro, After Effects, and Media Encoder.

Adobe fixes vulnerabilities in multiple products Read More »

Drupal patches Critical third-party library vulnerability (CVE-2021-32610)

Security Updates & Patches, Third-Party Security, Vulnerabilities & Exploits / Frank Crast / July 23, 2021 / Archive_Tar, CVE-2021-32610, Drupal, Drupal Core, PEAR Archive_Tar, third party

Drupal has patched a Critical third-party library vulnerability that affects multiple versions of Drupal Core. A remote attacker could exploit this vulnerability to compromise an affected system.

Drupal patches Critical third-party library vulnerability (CVE-2021-32610) Read More »