VMware Warns of Newly Discovered Vulnerabilities in vSphere Web Client – Tempemail

VMware has shipped updates to address two security vulnerabilities in vCenter Server and Cloud Foundation that could be abused by a remote attacker to gain access to sensitive information. The more severe of the issues concerns an arbitrary file read vulnerability in the vSphere Web Client. Tracked as CVE-2021-21980, the Continue Reading

Multiple Critical Flaws Discovered in Honeywell Experion PKS and ACE Controllers – Tempemail

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday released an advisory regarding multiple security vulnerabilities affecting all versions of Honeywell Experion Process Knowledge System C200, C200E, C300, and ACE controllers that could be exploited to achieve remote code execution and denial-of-service (DoS) conditions. “A Control Component Library (CCL) Continue Reading

Critical Flaws Discovered in Azure App That Microsoft Secretly Installed on Linux VMs – Tempemail

Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. The list of flaws, collectively called OMIGOD by researchers from Continue Reading

Critical Flaw Discovered in Cisco APIC for Switches — Patch Released – Tempemail

Cisco Systems on Wednesday issued patches to address a critical security vulnerability affecting the Application Policy Infrastructure Controller (APIC) interface used in its Nexus 9000 Series Switches that could be potentially abused to read or write arbitrary files on a vulnerable system. Tracked as CVE-2021-1577 (CVSS score: 9.1), the issue Continue Reading

Newly Discovered Bugs in VSCode Extensions Could Lead to Supply Chain Attacks – Tempemail

Severe security flaws uncovered in popular Visual Studio Code extensions could enable attackers to compromise local machines as well as build and deployment systems through a developer’s integrated development environment (IDE). The vulnerable extensions could be exploited to run arbitrary code on a developer’s system remotely, in what could ultimately Continue Reading

APT10: sophisticated multi-layered loader Ecipekac discovered in A41APT campaign- Tempemail

Why is the campaign called A41APT? In 2019, we observed an APT campaign targeting multiple industries, including the Japanese manufacturing industry and its overseas operations, that was designed to steal information. We named the campaign A41APT (not APT41) which is derived from the host name “DESKTOP-A41UVJV” from the attacker’s system Continue Reading

Another Critical RCE Flaw Discovered in SolarWinds Orion Platform – Tempemail

IT infrastructure management provider SolarWinds on Thursday released a new update to its Orion networking monitoring tool with fixes for four security vulnerabilities, counting two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution (RCE). Chief among them is a JSON deserialization flaw that allows Continue Reading

First Malware Designed for Apple M1 Chip Discovered in the Wild – Tempemail

One of the first malware samples tailored to run natively on Apple’s M1 chips has been discovered, suggesting a new development that indicates that bad actors have begun adapting malicious software to target the company’s latest generation of Macs powered by its own processors. While the transition to Apple silicon Continue Reading

Update Your iOS Devices Now — 3 Actively Exploited 0-Days Discovered – Tempemail

Apple on Thursday released multiple security updates to patch three zero-day vulnerabilities that were revealed as being actively exploited in the wild. Rolled out as part of its iOS, iPadOS, macOS, and watchOS updates, the flaws reside in the FontParser component and the kernel, allowing adversaries to remotely execute arbitrary Continue Reading