Cisco Releases Patches 3 New Critical Flaws Affecting IOS XE Software – Tempemail

Networking equipment maker Cisco Systems has rolled out patches to address three critical security vulnerabilities in its IOS XE network operating system that remote attackers could potentially abuse to execute arbitrary code with administrative privileges and trigger a denial-of-service (DoS) condition on vulnerable devices. The list of three flaws is Continue Reading

Critical Flaws Discovered in Azure App That Microsoft Secretly Installed on Linux VMs – Tempemail

Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems. The list of flaws, collectively called OMIGOD by researchers from Continue Reading

Update Google Chrome to Patch 2 New Zero-Day Flaws Under Attack – Tempemail

Google on Monday released security updates for Chrome web browser to address a total of 11 security issues, two of which it says are actively exploited zero-days in the wild. Tracked as CVE-2021-30632 and CVE-2021-30633, the vulnerabilities concern an out of bounds write in V8 JavaScript engine and a use Continue Reading

New BrakTooth Flaws Leave Millions of Bluetooth-enabled Devices Vulnerable – Tempemail

A set of new security vulnerabilities has been disclosed in commercial Bluetooth stacks that could enable an adversary to execute arbitrary code and, worse, crash the devices via denial-of-service (DoS) attacks. Collectively dubbed “BrakTooth” (referring to the Norwegian word “Brak” which translates to “crash”), the 16 security weaknesses span across Continue Reading

QNAP Working on Patches for OpenSSL Flaws Affecting its NAS Devices – Tempemail

Network-attached storage (NAS) appliance maker QNAP said it’s currently investigating two recently patched security flaws in OpenSSL to determine their potential impact, adding it will release security updates should its products turn out to be vulnerable. Tracked as CVE-2021-3711 (CVSS score: 7.5) and CVE-2021-3712 (CVSS score: 4.4), the weaknesses concern Continue Reading

Kaseya Issues Patches for Two New 0-Day Flaws Affecting Unitrends Servers – Tempemail

U.S. technology firm Kaseya has released security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could result in privilege escalation and authenticated remote code execution. The two weaknesses are part of a trio of vulnerabilities discovered and reported by researchers at the Dutch Continue Reading

VMware Issues Patches to Fix New Flaws Affecting Multiple Products – Tempemail

VMware on Wednesday shipped security updates to address vulnerabilities in multiple products that could be potentially exploited by an attacker to take control of an affected system. The six security weaknesses (from CVE-2021-22022 through CVE-2021-22027, CVSS scores: 4.4 – 8.6) affect VMware vRealize Operations (prior to version 8.5.0), VMware Cloud Continue Reading

Microsoft Exchange Under Attack With ProxyShell Flaws; Over 1900 Servers Hacked! – Tempemail

The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of “ProxyShell” Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, the vulnerabilities enable adversaries to bypass ACL controls, Continue Reading

Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly a Million IoT Devices – Tempemail

Taiwanese chip designer Realtek is warning of four security vulnerabilities in three software development kits (SDKs) accompanying its WiFi modules, which are used in almost 200 IoT devices made by at least 65 vendors. The flaws, which affect Realtek SDK v2.x, Realtek “Jungle” SDK v3.0/v3.1/v3.2/v3.4.x/v3.4T/v3.4T-CT, and Realtek “Luna” SDK up Continue Reading

Dozens of STARTTLS Related Flaws Found Affecting Popular Tempemail Clients – Tempemail

Security researchers have disclosed as many as 40 different vulnerabilities associated with an opportunistic encryption mechanism in Tempemail clients and servers that could open the door to targeted man-in-the-middle (MitM) attacks, permitting an intruder to forge mailbox content and steal credentials. The now-patched flaws, identified in various STARTTLS implementations, were Continue Reading