byPaul DucklinWell-known Google Project Zero researcher Ian Beer has just published a blog post that is attracting a lot of media attention.The article itself has a perfectly accurate and interesting title, namely: An iOS zero-click radio proximity exploit odyssey.But it’s headlines like the one we’ve used above that capture the practical essence

Threat actors are targeting an Oracle WebLogic flaw patched last month in an attempt to install a piece of malware named DarkIRC on vulnerable systems.Tracked as CVE-2020-14882 and leading to code execution, the vulnerability was addressed in the October 2020 Critical Patch Update (CPU). The first attacks targeting it were observed roughly one week after and

An unofficial patch is now available through ACROS Security’s 0patch service for a zero-day vulnerability identified earlier this month in Windows 7 and Windows Server 2008 R2.The privilege escalation flaw, detailed by security researcher Clément Labro on November 12, exists because all users have write permissions for HKLMSYSTEMCurrentControlSetServicesDnsc

byPaul DucklinIt’s the fourth Thursday in November, so it’s not just a day for saying “Happy Thanksgiving” to our US readers……but also a day for thinking about the cool new gadgets you have in mind for your Black Friday shopping spree tomorrow.(Is it just us, or has Cyber Monday disappeared as a concept now that “Bl

NSX-T is a Software-Defined-Networking (SDN) solution of VMware which, as its basic functionality, supports spanning logical networks across VMs on distributed ESXi and KVM hypervisors. The central controller of the SDN is the NSX-T Manager Cluster which is responsible for deploying the network configurations to the hypervisor hosts. This summer, I looked in

byPaul DucklinHi, everyone – for S3 Ep8, we’ve gone live a day early to take into account the US Thanksgiving holiday on Thursday. (Followed, of course, by Black Friday, so if you’re splashing out online, please take care out there!)This week, we talk to hacker and vulnerability disclosure pioneer, Katie Moussouris. Katie Moussouris, CEO of

cPanel last week released patches to address three vulnerabilities in cPanel & WebHost Manager (WHM), including one leading to two-factor authentication bypass.A suite of tools built for Linux, cPanel & WHM helps hosting providers and users automate management and web hosting tasks. With over 20 years of web hosting experience, cPanel claims servers

byPaul DucklinThanks to Bill Kearney of Sophos Rapid Response for his work on this article.If you’ve read the recent Sophos 2021 Threat Report, you’ll know that we deliberately included a section about all the malware out there that isn’t ransomware.Sure, ransomware understandably hogs the media headlines these days, but cybercriminality go

VMware on Monday published an advisory to inform users that it’s working on patching a critical command injection vulnerability affecting Workspace ONE Access and some related components.The flaw, tracked as CVE-2020-4006 and having a CVSS score of 9.1, was reported privately to VMware, but the virtualization giant has not credited anyone in its advisory. Th

VMware has released a workaround to address a critical zero-day in multiple VMware Workspace One components that allows attackers to execute commands on the host Linux and Windows operating systems using escalated privileges.Zero-days are publicly disclosed vulnerabilities not yet patched by the vendor. In some cases, zero-days are also actively exploited in

byPaul DucklinModern telephony is full of anachronisms.For example, we still “dial” calls, and many phone apps still display the word “dialling” while they’re waiting for the person at the other end to pick up.But when was the last time you saw, let alone used, a phone that actually had a dial? And we still use idioms such as &#

VMware has released security updates to fix critical and high severity vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation, allowing for code execution and privilege escalation.The two vulnerabilities were successfully exploited by Qihoo 360 Vulcan Team's Xiao Wei and Tianwen Tang during the first day of the 2020 Tia

Document Title:===============VTiger v7.0 CRM - (To) Persistent Email VulnerabilityReferences (Source):====================https://www.vulnerability-lab.com/get_content.php?id=2227Release Date:=============2020-11-18Vulnerability Laboratory ID (VL-ID):====================================2227Common Vulnerability Scoring System:================================

Facebook this week addressed a vulnerability in Facebook Messenger for Android that could have allowed an attacker to connect to an audio call without user interaction.Discovered by Google Project Zero security researcher Natalie Silvanovich, the issue exists because an attacker can send a crafted message that would trick the receiver’s Messenger into automa

Cisco this week announced the availability of software updates that address multiple vulnerabilities across several products, including bugs leading to unauthorized access to Webex meetings.Identified by IBM’s security researchers, the Webex flaws could allow attackers to join meetings as ghosts (without being seen by other participants), remain in the meeti