exploit Archives - Page 6 of 44

exploit

Critical vulnerabilities in Cisco Security Manager fixed, researcher discloses PoCs

November 17, 2020

Cisco has patched two vulnerabilities in its Cisco Security Manager solution, both of which could allow unauthenticated, remote attackers to gain access to sensitive …

Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955)

November 5, 2020

A critical vulnerability (CVE-2020-27955) in Git Large File Storage (Git LFS), an open source Git extension for versioning large files, allows attackers to achieve remote code …

Google fixes two actively exploited Chrome zero-days (CVE-2020-16009, CVE-2020-16010)

November 4, 2020

For the third time in two weeks, Google has patched Chrome zero-day vulnerabilities that are being actively exploited in the wild: CVE-2020-16009 is present in the desktop …

Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)

October 29, 2020

A critical and easily exploitable remote code execution vulnerability (CVE-2020-14882) in Oracle WebLogic Server is being targeted by attackers, SANS ISC has warned. Oracle …

Attacks on IoT devices continue to escalate

October 28, 2020

Attacks on IoT devices continue to rise at an alarming rate due to poor security protections and cybercriminals use of automated tools to exploit these vulnerabilities, …

Are your domain controllers safe from Zerologon attacks?

September 15, 2020

CVE-2020-1472, a privilege elevation vulnerability in the Netlogon Remote Protocol (MS-NRPC) for which Microsoft released a patch in August, has just become a huge liability …

New attack vectors make securing virtual companies even more challenging

August 25, 2020

As organizations are settling into long-term remote working, new attack vectors for opportunistic cyberattackers—and new challenges for network administrators have been …

Exploits for vBulletin zero-day released, attacks are ongoing

August 11, 2020

The fix for CVE-2019-16759, a remote code execution vulnerability in vBulletin that was patched in September 2019, is incomplete, security researcher Amir Etemadieh has …

Critical ManageEngine ADSelfService Plus RCE flaw patched

August 10, 2020

A critical vulnerability (CVE-2020-11552) in ManageEngine ADSelfService Plus, an Active Directory password-reset solution, could allow attackers to remotely execute commands …

Attackers are exploiting Cisco ASA/FTD flaw in search for sensitive data

July 27, 2020

An unauthenticated file read vulnerability (CVE-2020-3452) affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software is being exploited by …

Attackers are probing Citrix controllers and gateways through recently patched flaws

July 10, 2020

Earlier this week, Citrix released security updates for Citrix Application Delivery Controller (ADC), Citrix Gateway, and the Citrix SD-WAN WANOP appliance, and urged admins …

Attackers are bypassing F5 BIG-IP RCE mitigation – you might want to patch after all

July 8, 2020

Attackers are bypassing a mitigation for the BIG-IP TMUI RCE vulnerability (CVE-2020-5902) originally provided by F5 Networks, NCC Group’s Research and Intelligence …

exploit

Critical vulnerabilities in Cisco Security Manager fixed, researcher discloses PoCs

Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955)

Google fixes two actively exploited Chrome zero-days (CVE-2020-16009, CVE-2020-16010)

Easily exploitable RCE in Oracle WebLogic Server under attack (CVE-2020-14882)

Attacks on IoT devices continue to escalate

Are your domain controllers safe from Zerologon attacks?

New attack vectors make securing virtual companies even more challenging

Exploits for vBulletin zero-day released, attacks are ongoing

Critical ManageEngine ADSelfService Plus RCE flaw patched

Attackers are exploiting Cisco ASA/FTD flaw in search for sensitive data

Attackers are probing Citrix controllers and gateways through recently patched flaws

Attackers are bypassing F5 BIG-IP RCE mitigation – you might want to patch after all

Don't miss

MS Exchange zero-days: The calm before the storm?

Detecting fileless malware infections is becoming easier

The impact of DevSecOps practices on software development

Why organizations take data sovereignty seriously

How to start and grow a cybersecurity consultancy