Apache Flink flaw is back, and being actively exploited
An improper access control flaw is being actively exploited, CISA is warning......»»
Auth bypass bug in FortiOS, FortiProxy is exploited in the wild (CVE-2022-40684)
After privately warning customers last week that they need to patch or mitigate CVE-2022-40684, a critical vulnerability affecting FortiOS, FortiProxy, and FortiSwitchManager, Fortinet has finally confirmed that it “is aware of an instance wher.....»»
China battery makers actively expanding capacities for energy storage systems
Main China-based lithium-ion battery makers, in view of large potential demand for energy storage systems, have been actively investing in setting up additional production capacities, according to industry sources......»»
Unpatched Zimbra RCE bug exploited by attackers (CVE-2022-41352)
A still unpatched vulnerability (CVE-2022-41352) in Zimbra Collaboration is being exploited by attackers to achieve remote code execution on vulnerable servers. About the vulnerability: Zimbra Collaboration (formerly Zimbra Collaboration Suite) is clo.....»»
Critical vm2 sandbox escape flaw uncovered, patch ASAP! (CVE-2022-36067)
Oxeye researchers discovered a severe vm2 vulnerability (CVE-2022-36067) that has received the maximum CVSS score of 10.0. Called SandBreak, this new vulnerability requires R&D leaders, AppSec engineers, and security professionals to ensure they imme.....»»
Week in review: 7 cybersecurity audiobooks to read, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: MS Exchange zero-days: The calm before the storm? CVE-2022-41040 and CVE-2022-41082, the two exploited MS Exchange zero-days that still have no offi.....»»
Unpatched Zimbra flaw under attack is letting hackers backdoor servers
The flaw has been under attack since at least early September. An unpatched code-execution vulnerability in the Zimbra Collaboration software is under active exploitation by attackers u.....»»
GM hit with $103 million U.S. jury verdict in engine flaw class action
GM said in a statement that it did not believe the verdict was supported by the evidence and planned to appeal......»»
Flaw in macOS Archive Utility let attackers bypass Gatekeeper
One of the best reasons to keep macOS up to date is protecting yourself against security issues — and Jamf found a big one in the summer of 2022 that allowed attackers to bypass macOS Gatekeeper. macOS Archive Utility: Jamf Threat Labs found the vulne.....»»
Documenting the world's crop diversity and making it available
Genebanks play an important role in the long-term conservation of plant genetic resources for food and agriculture. Out of 1,800 genebank collections worldwide, more than 600 are in Europe. This vast array of crop diversity can be exploited to make o.....»»
Atlassian is being actively exploited to compromise corporate networks
US Government urges organizations to patch their endpoints immediately......»»
This dangerous vulnerability tricks researchers by mimicking old threats
The CVE-2022-41040 and CVE-2022-41082 zero-day flaws have been brought to Microsoft's attention after its Exchange email servers were left exposed to bad actors......»»
MS Exchange zero-days: The calm before the storm?
CVE-2022-41040 and CVE-2022-41082, the two exploited MS Exchange zero-days that still have no official fix, have been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog. But mitigating the risk of exploitation until patches are ready.....»»
Week in review: MS Exchange zero-days exploited, AD attack paths, developing secure APIs
SpyCast: Cross-platform mDNS enumeration tool SpyCast is a cross-platform mDNS enumeration tool that can work either in active mode by recursively querying services or in passive mode by only listening to multicast packets. Attackers use novel techni.....»»
Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)
Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers. News of the attacks broke on Wednesday, when researchers with Vietnamese cybersecurity company GTSC released a warning saying.....»»
Sophos Firewall found a serious security issue
Sophos warns recently discovered flaw is being exploited in the wild to run arbitrary code on vulnerable endpoints......»»
Winbond specialty DRAM cuts into largest e-bike supply chain in Europe
Taiwan's memory maker Winbond Electronics has cut into the supply chain of Europe's largest e-bike maker with its specialty DRAM, and is also actively developing sales of its flash memory for automotive applications, according to industry sources......»»
RCE in Sophos Firewall is being exploited in the wild (CVE-2022-3236)
Sophos has patched an actively exploited remote code execution vulnerability (CVE-2022-3236) in its Firewall solutions, and has pushed the fix to customers who have automatic installation of hotfixes enabled. If this news triggers a feeling of déjà.....»»
Week in review: Revolut data breach, ManageEngine RCE flaw, free Linux security training courses
GTA 6 in-development footage leaked American video game publisher Rockstar Games has suffered an unfortunate data leak: someone has released online in-development footage/videos for Grand Theft Auto (GTA) 6, the eagerly anticipated instalment of the.....»»
Critical ManageEngine RCE flaw is being exploited (CVE-2022-35405)
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-35405, a critical remote code execution vulnerability in ManageEngine PAM360, Password Manager Pro, and Access Manager Plus, to its Known Exploited Vulnerabilities (KEV.....»»
iOS 16 bug can cause the Mail app to instantly crash when a certain string of text is received
Every so often we see a flaw in iOS that can render an entire app unusable. In the past, these bugs have affected apps like Safari and Messages. A new bug in iOS 16, however, can completely lock you out of the Mail app with a single email that conta.....»»