Security provider SonicWall released a new firmware update for an SMA-100 zero-day vulnerability that was exploited in attacks. SonicWall has released a second firmware update for the SMA-100 zero-day vulnerability that was exploited in attacks in the wild. SonicWall disclosed a security breach on January 22, it blamed sophisticated threat ac

--------------------------------------------------------------docsify <= 4.11.6 DOM-based Cross-Site Scripting Vulnerability--------------------------------------------------------------[-] Software Link:https://docsify.js.org/[-] Affected Versions:Version 4.11.6 and prior versions.[-] Vulnerability Description:The vulnerability exists due to an incomplet

Open Source projects are the building blocks of any software development process. As we indicated in our previous blog, as more and more products use open source code, the increase in the overall attack surface is inevitable, especially when open source code is not audited before use. Hence it is recommended to thoroughly test it for potential vulnerabilitie

The McAfee Advanced Threat Research (ATR) team is committed to uncovering security issues in both software and hardware to help developers provide safer products for businesses and consumers. We recently investigated and published several findings on a personal robot called “temi”, which can be read about in detail here. A byproduct of our robotic research w

Asterisk Project Security Advisory - AST-2021-005 Product Asterisk Summary Remote Crash Vulnerability in PJSIP channel driver Nature of Advisory Denial of Service Susceptibility Remote Unauthenticated Sessions

At least 50% of apps used in sectors such as manufacturing, public services, healthcare, retail, education and utilities contain one or more serious exploitable vulnerabilities, according to a new study by WhiteHat Security.This is particularly concerning given the shift to digital across most sectors in the past year increasing the number of apps being util

A bug bounty hunter claims he has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on iCloud.com.Vishal Bharad, a researcher and penetration tester from India, published a blog post earlier this week describing his findings. Bharad said he had attempted to find cross-site request forgery (CSRF), insecure direc

byPaul DucklinDigital ad company Confiant, which claims to “improve the digital marketing experience” for online advertisers by knowing about and getting rid of malicious and unwanted ads, has just published an analysis of a malvertising group it calls ScamClub.According to Confiant, this group is behind a massive number of those annoying and sca

QNAP has addressed a critical security vulnerability in the Surveillance Station app that allows attackers to execute malicious code remotely on network-attached storage (NAS) devices running the vulnerable software.Surveillance Station is QNAP's network surveillance Video Management System (VMS), a software solution that can help users manage

A malvertising operation observed last year by advertising cybersecurity company Confiant exploited what turned out to be a zero-day vulnerability in the WebKit browser engine.Confiant researchers discovered the security hole while analyzing a campaign carried out by a threat actor they call ScamClub. The group has been around for several years, launching ma

At the virtual Enigma Conference, Google’s Project Zero’s Maggie Stone gave a talk about zero-day exploits in the wild. In it, she talked about how often vendors fix vulnerabilities only to have the attackers tweak their exploits to work again. From a MIT Technology Review article: Soon after they were spotted, the researchers saw one exploit bei

byPaul DucklinWe discuss bug hunting – how to do it professionally, how NOT to do it, and how to react when bugs are reported to you:Watch directly on YouTube if the video won’t play here.Click the on-screen Settings cog to speed up playback or show subtitles.Related readingFor futher information, please take a look at the following:Have a domain

Slovenia-based cybersecurity research company ACROS Security last week announced the release of an unofficial micro-patch for a zero-day vulnerability in Microsoft Internet Explorer (IE) that North Korean hackers are believed to have exploited in a campaign targeting security researchers.South Korean security vendor ENKI published a report on the IE zero-day

VMware last week informed customers about the availability of patches for a potentially serious vulnerability affecting its vSphere Replication product.vSphere Replication, a VMware vSphere component, is a virtual machine replication engine designed for data protection and disaster recovery.VMware has told customers that several versions of the product are a

Researchers at TIM’s Red Team Research discovered a zero-day vulnerability in IBM InfoSphere Information Server. Today, TIM’s Red Team Research led by Massimiliano Brolli, discovered a new critical vulnerability in IBM InfoSphere Information Server. The flaw has not addressed by IBM, because the product version 8.5.0.0 is in End-of-life. Today, TIM’s