Author: DEFENDEDGE
-
Millions of Routers Exposed to RCE by USB Kernel Bug
The high-severity RCE flaw is in the KCodes NetUSB kernel module, used by popular routers from Netgear, TP-Link, D-Link, Western Digital, et al.
-
CISA Adds 15 Known Exploited Vulnerabilities to Catalog
Original release date: January 10, 2022 CISA has added 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the…
-
Vulnerability Summary for the Week of January 3, 2022
Original release date: January 10, 2022 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info beyondtrust — appliance_base_software BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an attacker to achieve full admin access to the appliance, by tricking the administrator into creating a new admin account through an…
-
URL Parsing Bugs Allow DoS, RCE, Spoofing & More
Dangerous security bugs stemming from widespread inconsistencies among 16 popular third-party URL-parsing libraries could affect a wide swath of web applications.
-
Cyber-Spike: Orgs Suffer 925 Attacks per Week, an All-Time High
Cyberattacks increased 50 percent YoY in 2021 and peaked in December due to a frenzy of Log4j exploits, researchers found.
-
EoL Systems Stonewalling Log4j Fixes for Fed Agencies
End of life, end of support, pandemic-induced shipping delays and remote work, scanning failures: It’s a recipe for a patching nightmare, federal cybersecurity CTO Matt Keller says.
-
Cyberattackers Hit Data of 80K Fertility Patients
Fertility Centers of Illinois’ security measures protected electronic medical records, but the attackers still got at extremely intimate data in admin files.
-
QNAP: Get NAS Devices Off the Internet Now
There are active ransomware and brute-force attacks being launched against internet-exposed, network-attached storage devices, the device maker warned.
-
Log4J-Related RCE Flaw in H2 Database Earns Critical Rating
A critical flaw in the H2 open-source Java SQL database is similar to the Log4J vulnerability, but does not pose a widespread threat.
-
Partially Unpatched VMware Bug Opens Door to Hypervisor Takeover
ESXi version 7 users are still waiting for a full fix for a high-severity heap-overflow security vulnerability, but Cloud Foundation, Fusion and Workstation users can go ahead and patch.