VMware Urges Users to Patch Critical Authentication Bypass Bug
VMware has urged users to implement a recently released patch as soon as possible to protect against a string of flaws that could lead to an attack chain. Multiple products are reportedly affected by a critical authentication bypass vulnerability that can allow a malicious actor to gain access to a
Google Patches Critical Android Bluetooth Flaw in August Security Bulletin
On Monday, Google published its monthly security bulletin, releasing the latest available patches for Android devices. In this month’s update, a total of 37 vulnerabilities were patched. One of these patches is a critical security flaw that lies in the System component. If exploited by malicious actors, the flaw could
New UnRAR Vulnerability Could Lead to Zimbra Webmail Hack
Security researchers have discovered a new flaw located in the UnRAR utility by RARlabs. The flaw can reportedly be exploited to steal emails from Zimbra email accounts and has been allocated a severity score of 7.5 out of 10 on the CVSS scale. Zimbra is an enterprise email solution that
Chinese Researchers Find Critical Security Flaws in CoDeSys Automation Software
According to an advisory by Chinese cybersecurity firm NSFOCUS, its researchers have detected 11 security vulnerabilities that lie in the CoDeSys automation software that could lead to unauthorized access to company resources or denial-of-service attacks. The researchers claim that the bugs are simple to exploit and can have severe consequences,
Microsoft Addresses Wi-Fi Hotspots Issues in Latest Update
Microsoft has addressed a known issue that is currently affecting Wi-Fi hotspot features in its systems. The vulnerability has been added to its official Health Dashboard page as of this week after the company discovered that Windows 10 and 11 machines are subject to the bug. It is likely that
US Researchers Spot New Hertzbleed Flaw Affecting AMD and Intel CPUs
Researchers at the University of Texas have discovered, in collaboration with the University of Washington and the University of Illinois Urbana-Champaign, a new vulnerability that reportedly affects all modern AMD and Intel CPUs. The flaw is being referred to as “Hertzbleed” and is a new group of side-channel attacks. The
Zoom patches XMPP vulnerability chain that could lead to remote code execution
Zoom users have been advised to update their software to the latest version, 5.10.0, to fix a number of flaws detected by Google Project Zero researchers. According to the researcher who discovered the holes, Ivan Fratric, user interaction is not required for an attacker to successfully leverage the flaws. The
Over 20,000 Zyxel Firewalls Still Exposed to Critical Bug
According to security researchers, over 20,000 Zyxel firewalls remain vulnerable to a critical bug that was patched by the vendor back in April. The flaw lies in the ATP series, VPN series, and USG FLEX series of the firewall product. Security company Rapid7 discovered and disclosed the vulnerability in April of
This unpatched DNS bug could put ‘well-known’ IoT devices at risk
IoT security researchers at Nozomi Networks have warned that a popular library for the C programming language is at risk for DNS cache-poisoning attacks. The bug in the library is roughly 10 years old, and could not be fixed by the owners and maintainers of the library. Security researcher Andrea
Elementor Fixes Critical Bug in Popular WordPress Plugin
Elementor, a popular WordPress plugin, has received a critical update that patches a vulnerability that could be leveraged by attackers to change the appearance of websites. Elementor functions as a website building plugin, enabling users to easily create websites for themselves or their business without having to write code. Elementor