Cybersecurity
Will this CVSS 10 Linux Kernel vuln ruin your holiday?
We're hopeful that Betteridge's law applies...
Cloud
This Azure bug is a perfect CVSS 10, gives you control over K8s clusters
A critical vulnerability in an Azure tool that lets users manage Kubernetes clusters can be exploited remotely without authentication to gain administrative control over Kubernetes clusters, as well as Azure edge devices. The vulnerability, allocated a maximum possible CVSS (severity rating) score of 10 has been allocated CVE-2022-37968. It is
Cybersecurity
SAP systems are getting breached as attackers wake up to CVSS 10 bug
Exploits have circulated since February.
Cybersecurity
Patch Tuesday: Exploited Windows 0day, zero-click pre-auth RCE vuln in RPC
Those 700,000 folks with RPC exposed to the internet should probably...
Cybersecurity
Zyxel, VMware, F5 vulnerabilities under attack: Updated CISA database
Don't put that stuff on the public internet, kids.
Cybersecurity
Hyperscalers, telcos exposing BIG-IP to the internet as pre-auth RCE vulnerability drops
Just block iControl REST access through the management interface for starters...
Read This
The 10 most-exploited vulnerabilities of 2021: Not patched? Likely pwned...
Attackers continue to accelerate their weaponisation of newly-discovered flaws, the Five Eyes list of most-exploited vulnerabilities of 2021 shows. Contrary to some reports suggesting fears of mass-exploitation had been over-indexed, the flaw in Log4j joined the most widely-exploited vulnerabilities last year, despite only being discovered at the year's
Cybersecurity
NSA reports 1 bug under attack, Chinese firm 36, as Patch Tuesday lands with 0days, drama
It's back, it's big, and it's bad. April Patch Tuesday brings 145 vulnerability fixes from Microsoft -- the highest number in 19 months -- including a trio of remote code execution (RCE) vulnerabilities in Hyper-V and a brace of critical (CVSS 9.8) bugs
Cybersecurity
Thousands of VMware customers publicly exposed to pre-auth RCE as exploit reproduced
VMware Cloud Foundation, NSX-T, vRealize Suite, VMware Cloud suites, vRealize Automation, vRealize Log Insight all...
Cybersecurity
A critical Sophos firewall RCE bug is under active attack. Patch now.
Pre-auth RCE has been exploited in the wild...
Read This
CrowdStrike names Turkey and Colombia as significant new sources of cyber-attacks
New state actors, labelled Wolf and Ocelot, identified in threat report
Cybersecurity
Critical bug in ubiquitous Java framework sets off an internet cluster bomb
AWS, Red Hat, VMware, more affected with pre-auth RCE exploits circulating