CVE-2022-28219: Proof-of-Concept Published for Unauthenticated RCE in Zoho ManageEngine ADAudit Plus
New information and technical details, including a proof-of-concept have been published for a remote code execution flaw in Zoho ManageEngine ADAudit Plus that was patched last month. ...
OT:ICEFALL Research from Forescout Explores Insecure-by-Design State of Operational Technology
The latest research from Forescout’s Vedere Labs explores the state of risk management in operational technology through the lens of 56 insecure-by-design vulnerabilities....
了解勒索软件生态系统:从屏幕锁到价值数百万美元的犯罪企业
Ransomware is a constantly evolving cyberthreat, and it is through its evolution that ransomware has managed to not only survive, but thrive....
CVE-2022-27511, CVE-2022-27512: Patches for Two Citrix Application Delivery Management Vulnerabilities
Citrix patches a “nasty bug” in its Application Delivery Management solution that is difficult to exploit....
Microsoft’s June 2022 Patch Tuesday Addresses 55 CVEs (CVE-2022-30190)
Microsoft addresses 55 CVEs in its June 2022 Patch Tuesday release, including three critical flaws....
CVE-2022-26134: Zero-Day Vulnerability in Atlassian Confluence Server and Data Center Exploited in the Wild
A critical vulnerability in Atlassian Confluence Server and Data Center has been exploited in the wild by multiple threat actors. Organizations should review and implement mitigation guidance until a patch becomes available....
CVE-2022-30190: Zero Click Zero Day in Microsoft Support Diagnostic Tool Exploited in the Wild
Microsoft confirms remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool that has been exploited in the wild since at least April....
Twitter Crypto Scams: Bored Ape Yacht Club, Azuki and Other Projects Impersonated to Steal NFTs, Digital Currencies
Scammers are using verified and unverified accounts to impersonate notable NFT projects like Bored Ape Yacht Club and others, tagging Twitter users to drive them to phishing websites....
CVE-2022-22972: VMware Patches Additional Workspace ONE Access Vulnerabilities (VMSA-2022-0014)
Organizations and government agencies are strongly advised to patch two newly disclosed vulnerabilities in VMware products, following warnings from VMware and the Cybersecurity and Infrastructure Security Agency....
Microsoft’s May 2022 Patch Tuesday Addresses 73 CVEs (CVE-2022-26925)
Microsoft addresses 73 CVEs in its May 2022 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild....
CVE-2022-1388: Authentication Bypass in F5 BIG-IP
CVE-2022-1388: F5 BIG-IP 中的身分驗證迴避 F5 修補了 BIG-IP 系列產品中的身分驗證迴避弱點,它會導致任意指令的執行。 This vulnerability is actively being exploited. Update May 10: The Identifying Affected Systems section now reflect...
Hot Patches for Log4Shell Introduced Multiple Vulnerabilities in Amazon Web Services
Hot Patches for Log4Shell Introduced Multiple Vulnerabilities in Amazon Web Services Amazon Web Services has addressed vulnerabilities introduced by the hot patches released in response to the Log4Shell vulnerability in December. Background On April 19, researchers with Palo Alto’s Unit...