Security

A researcher found a flaw in Windows OS, tracked as PetitPotam, that can be exploited to force remote Windows machines to share their password hashes. Security researcher Gilles Lionel (aka Topotam) has discovered a vulnerability in the Windows operating system that allows an attacker to force remote Windows machines to authenticate and share their password hashes with […]

The post Obtaining password hashes of Windows systems with PetitPotam attack appeared first on Security Affairs.

Read More Obtaining password hashes of Windows systems with PetitPotam attack

How businesses can benefit from the adoption of an identity and access management solution. Businesses that use outdated manual processes to grant and control access to their IT resources are getting left behind. This article describes what an identity and access management solution is and how it can benefit your business. Identity Is the New […]

The post What Is An Identity and Access Management So-lution and How Can Businesses Benefit From It? appeared first on Security Affairs.

Read More What Is An Identity and Access Management So-lution and How Can Businesses Benefit From It?

Multiple major websites, including Steam, AWS, Amazon, Google, and Salesforce, went offline due to Akamai DNS global outage. A software configuration update triggered a bug in the Akamai DNS which took offline major websites, including Steam, the PlayStation Network, AWS, Google, and Salesforce. “A software configuration update triggered a bug in the DNS (domain name […]

The post Akamai software update triggered a bug that took offline major sites appeared first on Security Affairs.

Read More Akamai software update triggered a bug that took offline major sites

Oracle released its Critical Patch Update for July 2021, it fixes hundreds of flaws, including Critical Remotely Exploitable vulnerabilities in Weblogic Server. Oracle this week released its quarterly Critical Patch Update for July 2021 that contains 342 new security patches for multiple product families. Some of the vulnerabilities addressed by the IT giant could be remotely exploited by […]

The post Oracle fixes critical RCE vulnerabilities in Weblogic Server appeared first on Security Affairs.

Read More Oracle fixes critical RCE vulnerabilities in Weblogic Server

Experts discovered a Local Privilege Escalation, tracked as CVE-2021-33909, that could allow attackers to get root access on most Linux distros. Qualys researchers discovered a local privilege escalation (LPE) tracked as CVE-2021-33909, aka Sequoia, an unprivileged attacker can exploit the flaw to get root privileges on most Linux distros. The issue is a size_t-to-int type […]

The post LPE flaw in Linux kernel allows attackers to get root privileges on most distros appeared first on Security Affairs.

Read More LPE flaw in Linux kernel allows attackers to get root privileges on most distros

Experts discovered a Local Privilege Escalation, tracked as CVE-2021-33909, that could allow attackers to get root access on most Linux distros. Qualys researchers discovered a local privilege escalation (LPE) tracked as CVE-2021-33909, aka Sequoia, an unprivileged attacker can exploit the flaw to get root privileges on most Linux distros. The issue is a size_t-to-int type […]

The post LPE flaw in Linux kernel allows attackers to get root privileges on most distros appeared first on Security Affairs.

Read More LPE flaw in Linux kernel allows attackers to get root privileges on most distros

Experts warn of a 16-year-old vulnerability (CVE-2021-3438) in an HP, Xerox, and Samsung printers driver that an attacker could exploit to gain admin rights on systems. Researchers from SentinelOne discovered a 16-year-old security vulnerability in an HP, Xerox, and Samsung printers driver that can allow attackers to gain admin rights on systems running the flawed […]

The post A 16-year-old bug (CVE-2021-3438) in printer driver affects millions of printers worldwide appeared first on Security Affairs.

Read More A 16-year-old bug (CVE-2021-3438) in printer driver affects millions of printers worldwide

Fortinet fixes a serious bug in its FortiManager and FortiAnalyzer network management solutions that could be exploited to execute arbitrary code as root. Fortinet has released security updates to address a serious bug, tracked as CVE-2021-32589, affecting FortiManager and FortiAnalyzer network management solutions. The CVE-2021-32589 vulnerability is a Use After Free issue that an attacker […]

The post A bug in Fortinet FortiManager and FortiAnalyzer allows unauthenticated hackers to run code as root appeared first on Security Affairs.

Read More A bug in Fortinet FortiManager and FortiAnalyzer allows unauthenticated hackers to run code as root

Cisco Talos experts disclose details of several critical flaws in a router monitoring application developed by industrial and IoT firm Advantech. Cisco Talos researchers discovered multiple critical vulnerabilities in the R-SeeNet application developed by industrial and IoT firm Advantech. The application allows network administrators to monitor Advantech routers in their infrastructure. The monitoring tool collects […]

The post Experts disclose critical flaws in Advantech router monitoring tool appeared first on Security Affairs.

Read More Experts disclose critical flaws in Advantech router monitoring tool

Pegasus Project investigation into the leak of 50,000 phone numbers of potential surveillance targets revealed the abuse of NSO Group’s spyware. Pegasus Project is the name of a large-scale investigation into the leak of 50,000 phone numbers of potential surveillance targets that revealed the abuse of NSO Group’s spyware. Pegasus is a surveillance malware developed by […]

The post Pegasus Project – how governments use Pegasus spyware against journalists appeared first on Security Affairs.

Read More Pegasus Project – how governments use Pegasus spyware against journalists

Cyberspace Administration of China (CAC) issued new vulnerability disclosure regulations that oblige experts to report zero-days to the government. The Cyberspace Administration of China (CAC) has issued a new exacerbated vulnerability disclosure regulation that requires white hat hackers uncovering critical zero-day flaws in computer systems to first report them to the government authorities within two […]

The post Chinese government issues new vulnerability disclosure regulations appeared first on Security Affairs.

Read More Chinese government issues new vulnerability disclosure regulations

Instagram introduced a new security feature dubbed “Security Checkup” to help users to recover their accounts that have been compromised. Good news for the owners of Instagram accounts that may have been compromised, the company launched a new feature named ‘Security Checkup‘ feature that aims to keep accounts safe and help users to recover them. […]

The post Instagram implements ‘Security Checkup’ to help users recover compromised accounts appeared first on Security Affairs.

Read More Instagram implements ‘Security Checkup’ to help users recover compromised accounts

BleepingComputer became aware that the recent wave of attacks targeting vulnerable SonicWall devices was carried out by HelloKitty ransomware operators. SonicWall this week has issued an urgent security alert to warn companies of “an imminent ransomware campaing” targeting some of its equipment that reached end-of-life (EoL). Threat actors could target unpatched devices belonging to Secure Mobile Access […]

The post HelloKitty ransomware gang targets vulnerable SonicWall devices appeared first on Security Affairs.

Read More HelloKitty ransomware gang targets vulnerable SonicWall devices

The US government is offering a $10 million reward to everyone that provides information on operations conducted by nation-state actors. The US government is offering a $10 million reward for information on campaigns conducted by state-sponsored hackers. The move was announced by the U.S. Department of State, the US agency states that its Rewards for […]

The post US govt offers $10 million reward for info on nation-state cyber operations appeared first on Security Affairs.

Read More US govt offers $10 million reward for info on nation-state cyber operations

Cisco addressed a high severity DoS vulnerability in the Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. Cisco this week released security updates for a high severity vulnerability in the Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) products. The flaw resides in the software cryptography module of both ASA and FTD […]

The post Cisco fixes high-risk DoS flaw in ASA, FTD Software appeared first on Security Affairs.

Read More Cisco fixes high-risk DoS flaw in ASA, FTD Software

Network equipment vendor D-Link has released a firmware hotfix to fix multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router. Network equipment vendor D-Link has released a firmware hotfix to address multiple vulnerabilities affecting the DIR-3040 AC3000-based wireless internet router. An attacker could exploit the flaws to execute arbitrary code on unpatched routers, crash the devices, or gain access […]

The post D-Link issues beta hotfix for multiple flaws in DIR-3040 routers appeared first on Security Affairs.

Read More D-Link issues beta hotfix for multiple flaws in DIR-3040 routers

Microsoft published guidance to mitigate the impact of a new Windows Print Spooler vulnerability tracked as CVE-2021-34481 that was disclosed today. Microsoft published a security advisory for a new Windows Print Spooler vulnerability, tracked as CVE-2021-34481, that was disclosed on Thursday. The flaw is a privilege elevation vulnerability that resides in the Windows Print Spooler, it was […]

The post Microsoft alerts about a new Windows Print Spooler vulnerability appeared first on Security Affairs.

Read More Microsoft alerts about a new Windows Print Spooler vulnerability

Google Chrome 91.0.4472.164 addresses seven security vulnerabilities, including a high severity zero-day flaw exploited in the wild. Google has released Chrome 91.0.4472.164 for Windows, Mac, and Linux that addresses seven vulnerabilities, including a high severity zero-day vulnerability, tracked as CVE-2021-30563, that has been exploited in the wild. The CVE-2021-30563 is a “type confusion” issue that […]

The post Google Chrome 91.0.4472.164 fixes a new zero-day exploited in the wild appeared first on Security Affairs.

Read More Google Chrome 91.0.4472.164 fixes a new zero-day exploited in the wild

Experts said that Israeli surveillance firm Candiru, tracked as Sourgum, exploited zero-days to deliver a new Windows spyware. Microsoft and Citizen Lab believe that the secretive Israel-based Israeli surveillance firm Candiru, tracked as Sourgum, used Windows zero-day exploits to deliver a new Windows spyware dubbed DevilsTongue. According to the experts, at least 100 activists, journalists […]

The post Israeli surveillance firm Candiru used Windows zero-days to deploy spyware appeared first on Security Affairs.

Read More Israeli surveillance firm Candiru used Windows zero-days to deploy spyware

Zero-day exploit broker Zerodium is looking for 0day exploits for the VMware vCenter Server Zero-day exploit broker Zerodium announced it is looking for zero-day exploits for VMware vCenter Server. vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. The company will […]

The post Exploit broker Zerodium is looking for VMware vCenter Server exploits appeared first on Security Affairs.

Read More Exploit broker Zerodium is looking for VMware vCenter Server exploits

SonicWall has issued an urgent security alert to warn customers of “an imminent ransomware campaing” targeting EOL equipment. SonicWall has issued an urgent security alert to warn companies of “an imminent ransomware campaing” targeting some of its equipment that reached end-of-life (EoL). Threat actors could target unpatched devices belonging to Secure Mobile Access (SMA) 100 series […]

The post SonicWall warns of ‘imminent ransomware’ attacks on its EOL products appeared first on Security Affairs.

Read More SonicWall warns of ‘imminent ransomware’ attacks on its EOL products

Adobe addressed multiple critical vulnerabilities in several products, including Adobe Acrobat and Reader application. Adobe addressed multiple critical remote code execution and privilege escalation vulnerabilities in multiple products running on both Windows and macOS systems. The flaws fixed by Adobe affect Acrobat and Reader, Illustrator, Framemaker, Dimension and Bridge products. Below the list of advisories […]

The post Adobe patches critical vulnerabilities in Reader, Acrobat, and Illustrator appeared first on Security Affairs.

Read More Adobe patches critical vulnerabilities in Reader, Acrobat, and Illustrator