exploit Archives - Page 4 of 45

exploit

Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077)

December 3, 2021

An APT group is leveraging a critical vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus to compromise organizations in a variety of sectors, including …

After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)

November 24, 2021

A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its …

List of IT assets an attacker is most likely to target for exploitation

October 13, 2021

Randori released a report that identifies the most tempting IT assets that an attacker is likely to target and exploit. Leading up to the anniversary of the Solarwinds hack, …

Nagios XI vulnerabilities open enterprise IT infrastructure to attack

September 23, 2021

Researchers have unearthed 11 vulnerabilities affecting Nagios XI, a widely used enterprise IT infrastructure/network monitoring solution, some of which can be chained to …

Microsoft Power Apps data exposure: Prioritizing sensitive data with secure configuration settings

September 21, 2021

Security misconfigurations are one of the most common gaps hackers look to exploit. One bad configuration setting in a popular cloud platform can have far-reaching …

CVE-2021-40444 exploitation: Researchers find connections to previous attacks

September 16, 2021

The recent targeted attacks exploiting the (at the time) zero-day remote code execution vulnerability (CVE-2021-40444) in Windows via booby-trapped Office documents have been …

Microsoft patches actively exploited MSHTML zero-day RCE (CVE-2021-40444)

September 14, 2021

On September 2021 Patch Tuesday, Microsoft has fixed 66 CVE-numbered vulnerabilities in a wide variety of its solutions. Of these, the most crucial to address is …

Apple fixes “zero-click” iMessage zero-day exploited to deliver spyware (CVE-2021-30860)

September 14, 2021

Apple has released security updates for macOS, iOS, iPadOS, watchOS and Safari that patch two vulnerabilities (CVE-2021-30860, CVE-2021-30858) that are being exploited in …

Patched: Critical bug with public PoC exploit in Cisco infrastructure virtualization software (CVE-2021-34746)

September 3, 2021

A critical vulnerability (CVE-2021-34746) that affects Cisco Enterprise NFV Infrastructure Software (NFVIS) has been patched and Cisco is urging enterprise admins to quickly …

Realtek SDK vulnerability exploitation attempts detected (CVE-2021-35395)

August 24, 2021

Threat actors are attempting to exploit CVE-2021-35395, a group of vulnerabilities in the web interface of the Realtek SDK, to spread Mirai malware to vulnerable IoT devices. …

ProxyShell vulnerabilities actively exploited to deliver web shells and ransomware

August 23, 2021

Three so-called “ProxyShell” vulnerabilities are being actively exploited by various attackers to compromise Microsoft Exchange servers around the world, the …

The value of PII and how it still fuels malign activities in the digital ecosystem

August 10, 2021

The COVID-19 pandemic engendered new vulnerabilities in the digital ecosystem for threat actors to exploit, resulting in items like vaccines, fraudulent vaccine certificates, …

exploit

Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077)

After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)

List of IT assets an attacker is most likely to target for exploitation

Nagios XI vulnerabilities open enterprise IT infrastructure to attack

Microsoft Power Apps data exposure: Prioritizing sensitive data with secure configuration settings

CVE-2021-40444 exploitation: Researchers find connections to previous attacks

Microsoft patches actively exploited MSHTML zero-day RCE (CVE-2021-40444)

Apple fixes “zero-click” iMessage zero-day exploited to deliver spyware (CVE-2021-30860)

Patched: Critical bug with public PoC exploit in Cisco infrastructure virtualization software (CVE-2021-34746)

Realtek SDK vulnerability exploitation attempts detected (CVE-2021-35395)

ProxyShell vulnerabilities actively exploited to deliver web shells and ransomware

The value of PII and how it still fuels malign activities in the digital ecosystem

Don't miss

Europol details ChatGPT’s potential for criminal abuse

What you need before the next vulnerability hits

Running a security program before your first security hire

What the food and building industry can teach us about securing embedded systems

BEC scammers are after physical goods, the FBI warns