Category Archives: Vulnerabilities
5 Critical VMware ESXi Vulnerabilities
It has been alerted; five security vulnerabilities could lead to major potential issues for VMware ESXi customers. This includes command execution and DoS. VMware has issued a critical security update to patch its ESXi customers. Exploitation of these vulnerabilities could give hackers access to virtual machine environments. VMware suggested that patching ESXi servers immediately is…
Hackers Exploiting Cisco RV VPN Routers
Security researchers have found critical vulnerabilities in Cisco Small Business RV VPN routers. The bugs could allow attackers to take control of the router with root privileges, get access to customer data, and conduct DDOS attacks. Why are they even still used? Well, the RV series of VPN appliances is affordable and functional. They can…
New UEFI Bootkit called MoonBounce
Researchers have discovered a sophisticated new type of malware that targets UEFI and its called MoonBounce. The Bootkit or also known as rootkit malware is suspected to be associated with (advanced persistent threat 41). APT41 is a group of hackers who have been robbing businesses for many years. Researchers at Kaspersky Labs discovered a new…
SSRF Vulnerability In VMware Authentication
Researchers have found that VMware has a server-side request forgery (SSRF) vulnerability could allow an attacker to obtain administrative JSON Web Tokens (JWT) in versions of the VMware authentication software. This serious security vulnerability was found in a popular service called VMware Workspace ONE Access. It’s used to provide multi-factor authentication, conditional access, and single…
Microsoft Warns Log4j Flaw Attacks Remain High
Microsoft has warned that Windows and Azure customers should be on high alert after spotting state-sponsored and cyber-criminal hackers probing systems for a flaw in the Log4j. Microsoft says it spotted attackers using the Log4j flaw through December. The Apache open source project disclosed on December 9 and will likely take a long time to…
Windows Zero-Day Allows Privileged File Access
A Windows security vulnerability could allow information disclosure and local privilege escalation (LPE), researchers have warned. The issue (CVE-2021-24084) has yet to get an official fix, but there is a way to protect yourself. A micropatch has been rolled out as a stop-gap measure. Security researcher Abdelhamid Naceri reported a bug in Microsoft’s…
Hashthemes Demo Importer WordPress Plugin Vulnerability
The Hashthemes Demo Importer and is found in more than 8,000 blogs, according to researchers at Wordfence. It’s a high-severity security flaw. This WordPress plugin is designed to import demo content from HashThemes.com. However, it’s possible for subscribers to use the demo importer as a tool to wipe out content on any WordPress site. The…
Google Chrome Releases Two Zero Day Patches
Google has released an emergency update Chrome 94.0.4606.71 that fixes two zero-day vulnerabilities being exploited in the wild. These are the second and third zero-day vulnerabilities found this year. A total of twelve zero-days have been found in the browser since January. The new version will be released on all three platforms, Windows, Mac, Linux,…
Apple users to update immediately. Apple Zero-Click Exploit
The Citizen Lab has discovered a zero-click zero-day flaw in all Apple products. The new zero-day flaw is called ForcedEntry, and it affects iPhones, iPads, Macs, Apple Watches, and even AirPods. Citizen Lab urges all Apple users to update their devices immediately. Apple released a Security update on Monday. The iOS 14.8 for iPhones and…
Microsoft Office 0-day Vulnerability
On Tuesday, Microsoft revealed an alarming vulnerability in Internet Explorer, a bug that is being used to harm Windows users. The attack is enabled by a weaponized Office file and works like this: A victim receives an email with a link to a Word document inside. It is very important that you do not click…