CVEs
CISA warns of high-severity vulnerability in once-popular Microsoft product
Security agency adds CVE-2012-4792 to its catalogue of known vulns and warns it can "execute arbitrary code via a crafted web site"
zero day
Windows 'relics' zombified in Void Banshee zero-day attacks
Threat actors use CVE-2024-38112 to bring the remains of Internet Explorer back to life as a 'zombie' hellbent on stealing valuable data.
DDoS
‘Evil’ botnet unleashes ‘record-breaking’ DDoS attack
“This could be a new era for packet rate attacks: with botnets possibly capable of issuing billions of packets per second. It could seriously challenge how anti-DDoS infrastructures are built and scaled."
Cybersecurity
22,600+ emails = 599 vulnerabilities. Security disclosure triage is HARD
Security researchers regularly chafe at the deafening silence when they report a critical vulnerability in software: White Hats simply wanting to help organisations fix their cybersecurity all too often still find themselves being ignored – or worse, threatened with legal action when trying to help publicly exposed organisations that have not
Cybersecurity
Critical controller bug could trigger traffic chaos: Software vendor ignores CISA outreach
One of 14 new advisories on vulnerable ICS software...
Cybersecurity
Gird your loins: Patch Tuesday’s back
It’s that time of the month again: Microsoft has pushed out 98 security patches for January’s Patch Tuesday: 11 are critical, one CVE-2023-21674 is being actively exploited and another gives unauthenticated remote access to your SharePoint Server – and requires not just the patch but a “SharePoint upgrade action”
Featured
We analysed 90,000+ software vulnerabilities: Here's what we learned
Can you guess the product with the most CVEs in 2022?
Cybersecurity
Will this CVSS 10 Linux Kernel vuln ruin your holiday?
We're hopeful that Betteridge's law applies...
Featured
Hey hackers! Grab some hardcoded Siemens crypto keys and go wild*
Per RATM: "Action must be taken. We don't need the key we'll break in"
Cybersecurity
Critical pre-auth RCE Fortinet vulnerability is a breeze to exploit
A vulnerability in multiple Fortinet products gives an unauthenticated remote attackers root access to its core product’s administrative interface – and the vulnerability has been exploited in the wild the company warned. Given exploitation the company has warned customers to check for Indicators of Compromise. https://twitter.com/Horizon3Attack/status/
Cybersecurity
Two unpatched Microsoft Exchange Server zero days are under attack.
Exploited for a month. No detection in Sentinel, no patch yet. Mitigate urgently.
Cybersecurity
Second critical Sophos Firewall bug exploited in wild
CVSS 9.8 vulnerability added to CISA "known exploited" catalogue