exploit Archives - Page 3 of 42

exploit

As attacks on Exchange servers escalate, Microsoft investigates potential PoC exploit leak

March 15, 2021

Microsoft Exchange servers around the world are still getting compromised via the ProxyLogon (CVE-2021-26855) and three other vulnerabilities patched by Microsoft in early …

Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP!

February 25, 2021

The day after VMware released fixes for a critical RCE flaw (CVE-2021-21972) found in a default vCenter Server plugin, opportunistic attackers began searching for publicly …

57% of vulnerabilities in 2020 were classified as critical or high severity

February 17, 2021

NIST logged more than 18,000 vulnerabilities in 2020, over 10,000 of which were critical or high severity – an all-time high. Redscan’s analysis looks beyond severity scores, …

Nearly 40% of consumers lost money to phone scams in 2020

February 15, 2021

Businesses and consumers are relying on the voice call more than ever during the pandemic with voice traffic up 184% in 2020 compared to 2019, according to a Hiya report. …

Accellion to retire enterprise file-sharing product targeted in recent attacks

February 12, 2021

U.S.-based cloud solutions company Accellion will soon retire FTA, its legacy enterprise file-sharing solution, vulnerabilities in which have recently been exploited by …

When it comes to vulnerability triage, ditch CVSS and prioritize exploitability

February 10, 2021

When it comes to software security, one of the biggest challenges facing developers today is information overload. Thanks in part to the widespread proliferation and use of …

Top 10 most exploited vulnerabilities from 2020

February 3, 2021

Vulnerability intelligence-as-a-service outfit vFeed has compiled a list of the top 10 most exploited vulnerabilities from 2020, and among them are SMBGhost, Zerologon, and …

Out-of-band Drupal security updates fix bugs with known exploits

November 27, 2020

Drupal has released out-of-band security updates to fix two critical code execution flaws (CVE-2020-28948, CVE-2020-28949) in Drupal core, as “there are known exploits …

The effectiveness of vulnerability disclosure and exploit development

November 19, 2020

New research into what happens after a new software vulnerability is discovered provides an unprecedented window into the outcomes and effectiveness of responsible …

Critical vulnerabilities in Cisco Security Manager fixed, researcher discloses PoCs

November 17, 2020

Cisco has patched two vulnerabilities in its Cisco Security Manager solution, both of which could allow unauthenticated, remote attackers to gain access to sensitive …

Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955)

November 5, 2020

A critical vulnerability (CVE-2020-27955) in Git Large File Storage (Git LFS), an open source Git extension for versioning large files, allows attackers to achieve remote code …

Google fixes two actively exploited Chrome zero-days (CVE-2020-16009, CVE-2020-16010)

November 4, 2020

For the third time in two weeks, Google has patched Chrome zero-day vulnerabilities that are being actively exploited in the wild: CVE-2020-16009 is present in the desktop …

exploit

As attacks on Exchange servers escalate, Microsoft investigates potential PoC exploit leak

Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP!

57% of vulnerabilities in 2020 were classified as critical or high severity

Nearly 40% of consumers lost money to phone scams in 2020

Accellion to retire enterprise file-sharing product targeted in recent attacks

When it comes to vulnerability triage, ditch CVSS and prioritize exploitability

Top 10 most exploited vulnerabilities from 2020

Out-of-band Drupal security updates fix bugs with known exploits

The effectiveness of vulnerability disclosure and exploit development

Critical vulnerabilities in Cisco Security Manager fixed, researcher discloses PoCs

Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955)

Google fixes two actively exploited Chrome zero-days (CVE-2020-16009, CVE-2020-16010)

Don't miss

The ripple effect: Why protection against supply chain attacks is a must

API security awareness: The first step to better assessing the risk

Infosec products of the month: November 2021

150+ HP multifunction printers open to attack (CVE-2021-39237, CVE-2021-39238)

How to combat ransomware with visibility