Pierluigi Paganini
January 26, 2022
PrinterLogic has addressed nine vulnerabilities in Web Stack and Virtual Appliance, including three high severity flaws. PrinterLogic has released security updates to address nine vulnerabilities in Web Stack and Virtual Appliance, the most severe ones, tracked as CVE-2021-42631, CVE-2021-42635, and CVE-2021-42638, are rated as high severity flaws (CVSS base score of 8.1). Below is the list […]
Pierluigi Paganini
January 25, 2022
The UK NCSC cybersecurity agency is going to release a collection of NMAP scripts that can allow defenders to find unpatched vulnerabilities. The United Kingdom’s National Cyber Security Centre (NCSC) announced the release of NMAP Scripting Engine scripts that can help defenders to scan their infrastructure to find and fix unpatched vulnerabilities impacting them. The […]
Pierluigi Paganini
January 25, 2022
Threat actors are actively exploiting a critical flaw (CVE-2021-20038) in SonicWall’s Secure Mobile Access (SMA) gateways addressed in December. Threat actors are actively exploiting a critical flaw, tracked as CVE-2021-20038, in SonicWall’s Secure Mobile Access (SMA) gateways addressed by the vendor in December. The vulnerability is an unauthenticated stack-based buffer overflow that was reported by […]
Pierluigi Paganini
January 24, 2022
The maintainers of the Rust programming language fixed a high-severity flaw that could allow attackers to delete files and directories from a vulnerable system. The maintainers of the Rust programming language have released a security update for a high-severity vulnerability, tracked as CVE-2022-21658. An attacker can trigger the vulnerability to delete files and directories from a vulnerable […]
Pierluigi Paganini
January 24, 2022
Cybersecurity provider F5 released security patches to address 25 vulnerabilities affecting its BIG-IP, BIG-IQ, and NGINX products. Cybersecurity firm F5 announced security patches for 25 vulnerabilities affecting its BIG-IP, BIG-IQ, and NGINX products. Most of the vulnerabilities (23) addressed by the company affect the BIG-IP application delivery controller (ADC), 13 of them have been rated […]
Pierluigi Paganini
January 23, 2022
US CISA added seventeen new actively exploited vulnerabilities to the ‘Known Exploited Vulnerabilities Catalog’. The ‘Known Exploited Vulnerabilities Catalog‘ is a list of known vulnerabilities that threat actors have abused in attacks and that are required to be addressed by Federal Civilian Executive Branch (FCEB) agencies. According to Binding Operational Directive (BOD) 22-01: Reducing the […]
Pierluigi Paganini
January 22, 2022
The Dutch National Cybersecurity Centre (NCSC) warns organizations of risks associated with cyberattacks exploiting the Log4J vulnerability. The Dutch National Cybersecurity Centre (NCSC) warns organizations to remain vigilant on possible attacks exploiting the Log4J vulnerability. According to the Dutch agency, threat actors the NCSC will continue to attempt to exploit the Log4Shell flaw in future […]
Pierluigi Paganini
January 21, 2022
McAfee addressed a security flaw in its McAfee Agent software for Windows that allows running arbitrary code with SYSTEM privileges. McAfee (now Trellix) has addressed a high-severity vulnerability, tracked as CVE-2022-0166, that resides in McAfee Agent software for Windows. An attacker can exploit this flaw to escalate privileges and execute arbitrary code with SYSTEM privileges. The McAfee Agent is […]
Pierluigi Paganini
January 21, 2022
Google Project Zero experts disclosed details of two zero-day flaws impacting Zoom clients and Multimedia Router (MMR) servers. Google Project Zero researchers Natalie Silvanovich disclosed details of two zero-day vulnerabilities in Zoom clients and Multimedia Router (MMR) servers. An attacker could have exploited the now-fixed issues to crash the service, execute malicious code, and even leak the content […]
Pierluigi Paganini
January 20, 2022
Cisco addressed a critical RCE flaw in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software. Cisco has addressed a critical remote code execution vulnerability, tracked as CVE-2022-20649, discovered in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software. The flaw, discovered by the company experts during internal security testing, can be exploited by […]
