Security vendor Fortinet has addressed four vulnerabilities in FortiWeb web application firewalls, including a Remote Code Execution flaw. Fortinet has addressed four vulnerabilities in FortiWeb web application firewalls that were reported by Positive Technologies expert Andrey Medov. The first vulnerability, tracked as CVE-2020-29015, is a blind SQL injection that resides in the FortiWeb user interface. […]
Google has addressed an actively exploited zero-day vulnerability, tracked as CVE-2021-21148, with the release of the Chrome 88.0.4324.150 version. Google released Chrome 88.0.4324.150 version that addressed an actively exploited zero-day security vulnerability. The vulnerability is a Heap buffer overflow that resides in the V8, which is an open-source high-performance JavaScript and WebAssembly engine, written in C++. The flaw […]
Netlab researchers spotted a new Android malware, dubbed Matryosh, that is infecting devices to recruit them in a distributed denial-of-service (DDoS) botnet. On January 25, 2021, researchers at 360 netlab detected a suspicious ELF file, initially attributed to Mirai, but that later revealed his nature, a new bot tracked as Matryosh. “On January 25, 2021, […]
The provider of network security products Stormshield discloses data breach, threat actors stole information on some of its clients. Stormshield is a major provider of network security products to the French government, some approved to be used on sensitive networks. Stormshield is a French publisher of software specialized in computer security, its products are certified […]
Cisco addressed multiple pre-auth remote code execution (RCE) flaws in small business VPN routers that allow executing arbitrary code as root. Cisco has fixed several pre-auth remote code execution (RCE) issues in multiple small business VPN routers. The flaws could be exploited by unauthenticated, remote attackers to execute arbitrary code as root on vulnerable devices. […]
Researchers from TIMâs Red Team Research (RTR) discovered 2 new zero-day vulnerabilities in WordPress Plugin Limit Login Attempts Reloaded Italy also joins the security bug research, with the Red Team Research laboratory of TIM, an important Italian telecommunications company. Among the team’s objectives is to detect the vulnerabilities that a potential attacker could exploit to […]
Alleged China-linked hackers have exploited a flaw in the SolarWinds Orion software to hack systems at the U.S. National Finance Center. FBI investigators discovered that allegedly China-linked hackers have exploited a flaw in the SolarWinds Orion software to break into the systems of the U.S. National Finance Center. The National Finance Center is a federal […]
Experts warn that the recently discovered heap-based buffer overflow bug in Linux SUDO also impacts the latest version of Apple macOS Big Sur. Recently Qualys researchers found a Sudo vulnerability, tracked as CVE-2021-3156, that has allowed any local user to gain root privileges on Unix-like operating systems without authentication. Sudo is one of the most important, powerful, […]
The global leader of embedded system software Wind River Systems discloses a data breach that resulted in the theft of customers’ personal information. Wind River Systems, a global leader in delivering software for smart connected systems, discloses a data breach. The company claims its technology is found in more than 2 billion products, it develops […]
Cyber Defense Magazine February 2021 Edition has arrived. We hope you enjoy this month’s editionâŠpacked with over 108 pages of excellent content. 108 PAGESLOADED WITH EXCELLENT CONTENTLearn from the experts, cybersecurity best practicesFind out about upcoming information security related conferences, expos and trade shows. Always free, no strings attached. CLICK HERE AND GRAB THIS VERSION AND […]