A recently patched vulnerability in VMware Workspace ONE Access has been leveraged to distribute both cryptocurrency mining malware and ransomware across affected systems. This information comes from Fortinet’s FortiGuard Labs, where researcher Cara Lin highlighted that the attackers aim to exploit victims’ resources extensively. The goal appears to involve not…
Apple Inc. has recently released critical updates addressing a zero-day vulnerability identified in iOS and iPadOS that has reportedly been exploited in active cyberattacks. The flaw, tracked as CVE-2022-42827, pertains to an out-of-bounds write issue within the Kernel. This type of vulnerability can empower malicious applications to execute arbitrary code…
A recently disclosed vulnerability in the SQLite database library raises significant concerns within the cybersecurity community. This high-severity flaw, tracked under the identifier CVE-2022-35737, dates back over two decades to a code update from October 2000, and it poses a risk that could allow attackers to crash or gain control…
On Tuesday, VMware announced the release of security updates aimed at addressing a critical vulnerability within its VMware Cloud Foundation product, a platform utilized for cloud infrastructure management. The vulnerability, identified as CVE-2021-39144, has been assigned a CVSS score of 9.8, indicating its severity. This flaw is related to a…
Cisco has issued a warning regarding active exploitation attempts of two persistent vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows, which have been present for two years. The vulnerabilities, identified as CVE-2020-3153 (with a CVSS score of 6.5) and CVE-2020-3433 (CVSS score: 7.8), could potentially allow authenticated local…
Linus Torvalds, the founder of Linux and Git, famously stated, “given enough eyeballs, all bugs are shallow.” While this highlights a core tenet of open-source software—that greater visibility can lead to more rapid identification of issues—recent analysis raises questions about the efficacy of this principle in real-world applications. Emil Wåreus,…
On Tuesday, Microsoft disclosed that it had rectified an authentication bypass vulnerability in Jupyter Notebooks associated with Azure Cosmos DB, which had the potential to grant unauthorized full read and write access. This issue was identified on August 12, 2022, and was effectively resolved worldwide by October 6, 2022, shortly…
OpenSSL has announced critical updates addressing two high-severity vulnerabilities within its cryptographic library. These flaws, identified as CVE-2022-3602 and CVE-2022-3786, pose risks of denial-of-service (DoS) attacks and potential remote code execution (RCE). The vulnerabilities stem from buffer overrun issues that can be exploited during the verification of X.509 certificates, typically…
Recent research has uncovered multiple critical vulnerabilities within Checkmk, an IT infrastructure monitoring software, which may allow an unauthenticated remote attacker to seize full control of affected systems. These vulnerabilities could potentially be mishandled collectively, posing significant risks to users, especially those utilizing Checkmk version 2.1.0p10 or older. Stefan Schiller,…