Fortinet Confirms Active Exploitation of Critical Vulnerability in Firewall and Proxy Products On Monday, Fortinet disclosed a critical security vulnerability affecting its firewall and proxy offerings, warning that the flaw is currently being exploited in the wild. This vulnerability, tracked as CVE-2022-40684 and rated with a CVSS score of 9.6,…
A critical vulnerability has been identified in Siemens Simatic programmable logic controllers (PLCs), enabling potential attackers to exploit hard-coded, global private cryptographic keys. This security flaw could allow attackers to gain substantial control over these devices, posing a significant threat to industrial operations. According to a report from the industrial…
A recent investigation has uncovered a significant security vulnerability within Microsoft 365. This flaw may allow malicious actors to deduce the contents of encrypted messages, stemming from the implementation of a compromised cryptographic algorithm. According to a report from Finnish cybersecurity firm WithSecure, the encryption mechanism of Office 365 Message…
HelpSystems has announced a critical out-of-band security update for its Cobalt Strike platform, addressing a remote code execution vulnerability that poses significant risks to system integrity. This vulnerability allows attackers to potentially take control of targeted systems, underscoring the ongoing challenges cybersecurity professionals face in protecting their networks. Cobalt Strike…
Apache Commons Text Vulnerability Exposes Threats to Applications Recently, WordPress security firm Wordfence announced that they began detecting exploitation attempts targeting a significant vulnerability in Apache Commons Text, designated as CVE-2022-42889, commonly referred to as “Text4Shell.” This issue was made public on October 18, 2022, and has been rated with…
A recently patched vulnerability in VMware Workspace ONE Access has been leveraged to distribute both cryptocurrency mining malware and ransomware across affected systems. This information comes from Fortinet’s FortiGuard Labs, where researcher Cara Lin highlighted that the attackers aim to exploit victims’ resources extensively. The goal appears to involve not…
Apple Inc. has recently released critical updates addressing a zero-day vulnerability identified in iOS and iPadOS that has reportedly been exploited in active cyberattacks. The flaw, tracked as CVE-2022-42827, pertains to an out-of-bounds write issue within the Kernel. This type of vulnerability can empower malicious applications to execute arbitrary code…
A recently disclosed vulnerability in the SQLite database library raises significant concerns within the cybersecurity community. This high-severity flaw, tracked under the identifier CVE-2022-35737, dates back over two decades to a code update from October 2000, and it poses a risk that could allow attackers to crash or gain control…
On Tuesday, VMware announced the release of security updates aimed at addressing a critical vulnerability within its VMware Cloud Foundation product, a platform utilized for cloud infrastructure management. The vulnerability, identified as CVE-2021-39144, has been assigned a CVSS score of 9.8, indicating its severity. This flaw is related to a…