Category: alerts

Company urges iPhone, iPad and Mac users to install updates to fix a critical memory corruption flaw that can allow for attackers to take over a system. Read more

Microsoft releases mitigations for a Windows NT LAN Manager exploit that forces remote Windows systems to reveal password hashes that can be easily cracked. Read more

Sprechen Sie Rust? Polyglot malware authors are increasingly using obscure programming languages to evade detection. Read more

Original release date: July 26, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info dlink — dir-3040_firmware A hard-coded password vulnerability exists in the Libcli Test Environment functionality of D-LINK DIR-3040 1.13B03. A specially crafted network request can lead to code execution. An attacker can send a sequence… Read more

The software-engineering platform is urging users to patch the critical flaw ASAP. Read more

Critical ICS vulnerabilities can be exploited through leading cloud-management platforms. Read more

A privilege elevation bug in Windows 10 opens all systems to attackers to access data and create new accounts on systems. Read more

Update now: The ream of bugs includes some remotely exploitable code execution flaws. Still to come: a fix for what makes iPhones easy prey for Pegasus spyware. Read more

Researchers are skeptical that much will come from calling out China for the Microsoft Exchange attacks and APT40 activity, but the move marks an important foreign-policy change. Read more

Original release date: July 21, 2021 The Homeland Security Systems Engineering and Development Institute, sponsored by the Department of Homeland Security and operated by MITRE, has released the 2021 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses list. The Top 25 uses data from the National Vulnerability Database (NVD) to compile the most frequent… Read more