Cybersecurity, VMware released updates to solve many vulnerabilities
The riskiest was the CVE-2021-21972. It was caused by gaps in the validation of user inputs by the vROP plugin in the vCenter Server Web Application.
Cybercrime, web shell attacks on servers continue to grow
Microsoft cybersecurity experts: It may be attributed to how simple and effective they can be. Attackers exploit vulnerabilities in web applications.
Cyber Espionage, North Korea’s hackers target cybersecurity researchers
Google Threat Analysis Group: They use multiple platforms to communicate, a blog as a lure, and a novel social engineering technique.
Cybersecurity, AMNESIA:33 hit open source TCP/IP stacks
Forescout: It’s a group of 33 vulnerabilites in IoT and embedded devices, caused by memory management bugs. Pay attention!
Cybercrime, WordPress hit by waves of attacks targeting Epsilon Framework themes
Wordfence cybersecurity experts: They exploit Function Injection and other older vulnerabilities, The aggressions seem to search flaws.
Cyber Security, Microsoft fixes urgently two Codec vulnerabilities
They are the CVE-2020-1425 and the CVE-2020-1457, and affects Library on several Windows 10 and Windows Server versions. Up to date, there aren’t any alternative mitigating measures.
Cyber Security, Microsoft fixes 129 product vulnerabilities at once
Eleven were critical, but none of them has been exploited by cybercrime. SecurityAffairs: One was located in the Server Message Block (SMB) protocol, and dubbed SMBleed.
Cyber Security, two new medium vulnerabilities on Linux Kernel
They allow an actor to perform a denial of service (DoS) attack. The first one at local level, the second one by remote. Install the updates to mitigate the risks!
Cybercrime, Salt servers hacked thanks to two flaws
The Cyber Security Experts: The attackers used CVE-2020-11651 and CVE-2020-11652 to install backdoors and cryptominers. More than 6,000 devices could be compromised.
Cyber security, two serious vulnerabilities in billion chips discovered
Worcester Polytechnic Institute (WPI) cyber security researchers: affected chips made by Intel and STMicroelectronics. Side-channel attacks could have caused cryptographic keys steal.