Vulnerabilities & Exploits Archives - Page 45 of 106

Juniper patches multiple vulnerabilities in Junos OS and other products (April 2021)

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / April 16, 2021 / CVE-2021-0248, EX4300, Juniper, Junos, Networking, PTX, QFX, SRX

Juniper Networks has released security advisories to fix many vulnerabilities on Junos OS, EX4300, PTX Series, QFX Series, SRX Series network devices and multiple other products.

Juniper patches multiple vulnerabilities in Junos OS and other products (April 2021) Read More »

Adobe fixes Critical vulnerabilities in Photoshop, Bridge and other products

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / April 15, 2021 / Adobe, Bridge, CVE-2021-21092, CVE-2021-21093, CVE-2021-21094, CVE-2021-21095, CVE-2021-21100, Digital Editions, Photoshop, RoboHelp

Adobe has patched Critical vulnerabilities in Photoshop, Bridge, Digital Editions and RoboHelp. An attacker could exploit these vulnerabilities and potentially take over impacted systems.

Adobe fixes Critical vulnerabilities in Photoshop, Bridge and other products Read More »

Microsoft April 2021 Security Updates, includes fixes for Critical Exchange Server vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / April 14, 2021 / AppX, Azure, codecs, CVE-2021-28480, CVE-2021-28481, CVE-2021-28482, CVE-2021-28483, DevOps, Exchange, Hyper-V, Sphere, Win32K, WLAN

Microsoft has released the April 2021 Security updates that includes patches for 114 vulnerabilities, 19 of those rated Critical. The updates also include fixes for multiple Microsoft Exchange flaws that have a higher likelihood of being exploited.

Microsoft April 2021 Security Updates, includes fixes for Critical Exchange Server vulnerabilities Read More »

Chrome security update (89.0.4389.128) fixes 2 zero-days exploited in the wild

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / April 14, 2021 / CVE-2021-21206, CVE-2021-21220

Google has released Chrome 89 security update 89.0.4389.128) for Windows, Mac and Linux with fixes for 2 vulnerabilities exploited in the wild.

Chrome security update (89.0.4389.128) fixes 2 zero-days exploited in the wild Read More »

CISA publishes reports on DearCry ransomware and China Chopper Web Shell malware linked to Exchange Server exploits (update-2)

Cybersecurity Attacks, Malware, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / April 13, 2021 / China Chopper, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, DearCry, Exchange, Microsoft, web shell

The Cybersecurity and Infrastructure Security Agency (CISA) has published reports on DearCry ransomware and China Chopper Web Shell malware linked to recent Exchange Server exploits. Attackers can use this malware to further compromise on-premise Microsoft Exchange servers and launch other attacks.

CISA publishes reports on DearCry ransomware and China Chopper Web Shell malware linked to Exchange Server exploits (update-2) Read More »

Cisco patches vulnerabilities in SD-WAN, Small Business routers and other products

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / April 8, 2021 / Cisco, CVE-2021-1137, CVE-2021-1480, malware, Routers, SD-WAN, Small Business

Cisco has patched multiple vulnerabilities in Cisco SD-WAN, Small Business routers, Unified Communications Products and Advanced Malware Protection. Two of those vulnerabilities (CVE-2021-1479, CVE-2021-1459) are rated Critical.

Cisco patches vulnerabilities in SD-WAN, Small Business routers and other products Read More »

PHP user database leak allegedly led to PHP source code compromise

Application Security, Password Management, Vulnerabilities & Exploits / Frank Crast / April 7, 2021 / Gilotine, PHP, Source Code

PHP maintainer Nikita Popov has published new details regarding the likely cause of a recent PHP source code compromise and insert of malicious code.

PHP user database leak allegedly led to PHP source code compromise Read More »

Legacy QNAP NAS devices vulnerable to zero-day cyberattacks

Security Updates & Patches, Storage Security, Vulnerabilities & Exploits, Zero-days / Frank Crast / April 7, 2021 / CVE-2020-2509, CVE-2021-36195, QNAP, QSnatch, Threatpost, TS-231

Security researchers have warned legacy QNAP NAS devices are vulnerable to zero-day cyberattacks. Although QNAP patched two vulnerabilities in recent firmware updates, the company acknowledged patches were not yet available for certain legacy devices.

Legacy QNAP NAS devices vulnerable to zero-day cyberattacks Read More »

Threat actors target vulnerable critical SAP applications

Configuration Management, Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / April 6, 2021 / 10KBlaze, CISA, CVE-2020-6287, ERP, Onapsis, RECON, SAP

Security experts from Onapsis and SAP have released a new threat intel report for SAP customers that warns of cyber threat actors targeting unprotected SAP applications.

Threat actors target vulnerable critical SAP applications Read More »

FBI and CISA warn of Fortinet FortiOS vulnerability exploits

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / April 2, 2021 / APT, CISA, CVE-2018-13379, CVE-2019-5591, CVE-2020-12812, FBI, Fortinet, FortiOS, Zerologon

Cybersecurity experts from the FBI and CISA have issued a joint cybersecurity advisory warning of APT exploits of Fortinet FortiOS vulnerabilities CVE-2018-13379, CVE-2019-5591 and CVE-2020-12812.

FBI and CISA warn of Fortinet FortiOS vulnerability exploits Read More »