HelpSystems has announced a critical out-of-band security update for its Cobalt Strike platform, addressing a remote code execution vulnerability that poses significant risks to system integrity. This vulnerability allows attackers to potentially take control of targeted systems, underscoring the ongoing challenges cybersecurity professionals face in protecting their networks. Cobalt Strike…
Apache Commons Text Vulnerability Exposes Threats to Applications Recently, WordPress security firm Wordfence announced that they began detecting exploitation attempts targeting a significant vulnerability in Apache Commons Text, designated as CVE-2022-42889, commonly referred to as “Text4Shell.” This issue was made public on October 18, 2022, and has been rated with…
A recently patched vulnerability in VMware Workspace ONE Access has been leveraged to distribute both cryptocurrency mining malware and ransomware across affected systems. This information comes from Fortinet’s FortiGuard Labs, where researcher Cara Lin highlighted that the attackers aim to exploit victims’ resources extensively. The goal appears to involve not…
Apple Inc. has recently released critical updates addressing a zero-day vulnerability identified in iOS and iPadOS that has reportedly been exploited in active cyberattacks. The flaw, tracked as CVE-2022-42827, pertains to an out-of-bounds write issue within the Kernel. This type of vulnerability can empower malicious applications to execute arbitrary code…
A recently disclosed vulnerability in the SQLite database library raises significant concerns within the cybersecurity community. This high-severity flaw, tracked under the identifier CVE-2022-35737, dates back over two decades to a code update from October 2000, and it poses a risk that could allow attackers to crash or gain control…
On Tuesday, VMware announced the release of security updates aimed at addressing a critical vulnerability within its VMware Cloud Foundation product, a platform utilized for cloud infrastructure management. The vulnerability, identified as CVE-2021-39144, has been assigned a CVSS score of 9.8, indicating its severity. This flaw is related to a…
Cisco has issued a warning regarding active exploitation attempts of two persistent vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows, which have been present for two years. The vulnerabilities, identified as CVE-2020-3153 (with a CVSS score of 6.5) and CVE-2020-3433 (CVSS score: 7.8), could potentially allow authenticated local…
Linus Torvalds, the founder of Linux and Git, famously stated, “given enough eyeballs, all bugs are shallow.” While this highlights a core tenet of open-source software—that greater visibility can lead to more rapid identification of issues—recent analysis raises questions about the efficacy of this principle in real-world applications. Emil Wåreus,…
On Tuesday, Microsoft disclosed that it had rectified an authentication bypass vulnerability in Jupyter Notebooks associated with Azure Cosmos DB, which had the potential to grant unauthorized full read and write access. This issue was identified on August 12, 2022, and was effectively resolved worldwide by October 6, 2022, shortly…