Networking equipment company Netgear has released patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. Tracked as CVE-2021-40847 (CVSS score: 8.1), the security weakness impacts the following models – R6400v2 (fixed in firmware version 1.0.4.120) […]

Travis CI

Continuous integration vendor Travis CI has patched a critical security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks. The issue — tracked as CVE-2021-41077 — concerns unauthorized access and plunder of secret environment data associated with a public open-source project through […]

HP OMEN Gaming Hub

Cybersecurity researchers on Tuesday disclosed details about a high-severity flaw in the HP OMEN driver software that impacts millions of gaming computers worldwide, leaving them open to an array of attacks. Tracked as CVE-2021-3437 (CVSS score: 7.8), the vulnerabilities could allow threat actors to escalate privileges to kernel mode without […]

Atlassian Confluence

The maintainers of Jenkins—a popular open-source automation server software—have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner. The “successful attack,” which is believed to have occurred last week, was […]

Atlassian Confluence

The U.S. Cyber Command on Friday warned of ongoing mass exploitation attempts in the wild targeting a now-patched critical security vulnerability affecting Atlassian Confluence deployments that could be abused by unauthenticated attackers to take control of a vulnerable system. “Mass exploitation of Atlassian Confluence CVE-2021-26084 is ongoing and anticipated to speed […]

ESET’s cybersecurity expert Marc-Étienne Léveillé analyses in depth Quebec’s vaccine proof apps VaxiCode and VaxiCode Verif. The launch of the mobile applications allowing the storage and verification of the vaccination passport by the Quebec government (VaxiCode and VaxiCode Verif) caused a lot of ink to flow last week. It’s with good reason; the VaxiCode […]

Microsoft Exchange

Details have emerged about a now-patched security vulnerability impacting Microsoft Exchange Server that could be weaponized by an unauthenticated attacker to modify server configurations, thus leading to the disclosure of Personally Identifiable Information (PII). The issue, tracked as CVE-2021-33766 (CVSS score: 7.3) and coined “ProxyToken,” was discovered by Le Xuan Tuyen, a researcher […]

Cloud infrastructure security company Wiz on Thursday revealed details of a now-fixed Azure Cosmos database vulnerability that could have been potentially exploited to grant any Azure user full admin access to other customers’ database instances without any authorization. The flaw, which grants read, write, and delete privileges, has been dubbed “ChaosDB,” with Wiz researchers noting […]

Cisco Software Patch Update

Cisco Systems on Wednesday issued patches to address a critical security vulnerability affecting the Application Policy Infrastructure Controller (APIC) interface used in its Nexus 9000 Series Switches that could be potentially abused to read or write arbitrary files on a vulnerable system. Tracked as CVE-2021-1577 (CVSS score: 9.1), the issue — which […]