Researchers Warn of Unpatched “DogWalk” Microsoft Windows Vulnerability
An unofficial security patch has been made available for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT), even as the Follina flaw continues to be exploited in the wild. The issue, referred to as DogWalk, is a path traversal flaw that can be exploited to drop a malicious executable file into the Windows Startup folder when a …
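The DogWalk description above turns on one check that an archive extractor must make: an entry name inside the archive must not be allowed to resolve outside the extraction directory, or a crafted entry such as a relative path ending in the Startup folder lands where the attacker chose. The following is an added example written for this page, not MSDT's code and not the unofficial patch. It shows a safe extractor for a generic ZIP-style container: the entry-name check rejects absolute paths, drive-letter prefixes and any surviving `..` component after normalising both separator styles, and a second check re-verifies the fully resolved target path. The archive contents, the `..\..\..\Start Menu\Programs\Startup\payload.exe` entry name and the `diag/readme.txt` entry are constructed for the demonstration.

```python
import io
import os
import posixpath
import tempfile
import zipfile


def is_safe_member(name: str) -> bool:
    """True if an archive entry name cannot escape the extraction root.

    Normalises both separator styles, then rejects absolute paths, drive-letter
    prefixes and any '..' component that survives path normalisation.
    """
    norm = name.replace("\\", "/")           # a Windows extractor treats both as separators
    if norm.startswith("/") or (len(norm) > 1 and norm[1] == ":"):
        return False                         # '/etc/x' or 'C:/x' never belongs in an archive
    parts = posixpath.normpath(norm).split("/")
    return ".." not in parts                 # 'a/../../b' normalises to '../b' and is caught here


def safe_extract(archive_bytes: bytes, dest: str) -> list[str]:
    """Extract only entries that resolve under dest; return the rejected entry names."""
    rejected = []
    dest_real = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if not is_safe_member(info.filename):
                rejected.append(info.filename)
                continue
            # Independent second check on the fully resolved target path.
            clean = info.filename.replace("\\", "/")
            target = os.path.realpath(os.path.join(dest_real, clean))
            if os.path.commonpath([dest_real, target]) != dest_real:
                rejected.append(info.filename)
                continue
            zf.extract(info, dest)
    return rejected


def build_sample_archive() -> bytes:
    """Constructed sample archive: one benign entry and one hypothetical traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("diag/readme.txt", "benign")
        zf.writestr("..\\..\\..\\Start Menu\\Programs\\Startup\\payload.exe", "MZ")
    return buf.getvalue()


def demo() -> dict:
    """Extract the sample into a scratch directory; report what was kept and what was dropped."""
    with tempfile.TemporaryDirectory() as scratch:
        rejected = safe_extract(build_sample_archive(), scratch)
        kept = sorted(
            os.path.relpath(os.path.join(root, f), scratch).replace("\\", "/")
            for root, _, files in os.walk(scratch)
            for f in files
        )
    return {"kept": kept, "rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The name check alone is not enough on its own: a symlink already present under the destination can redirect a "clean" relative name elsewhere, which is why the resolved-path comparison with `os.path.realpath` is kept as a second gate.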
Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones
A critical security flaw has been uncovered in UNISOC's smartphone chipset that could potentially be weaponized to disrupt a smartphone's radio communications through a malformed packet. "Left unpatched, a hacker or a military unit can leverage such a vulnerability to neutralize communications in a specific location," Israeli cybersecurity company Check Point said in a report …
GitLab Issues Security Patch for Critical Account Takeover Vulnerability
GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover. Tracked as CVE-2022-1680, the issue has a CVSS severity score of 9.9 and was discovered internally by the company. The security flaw affects all versions of GitLab Enterprise Edition (EE) starting from 11.10 before 14.9.5, all versions …
Follina (CVE-2022-30190): a vulnerability in MSDT
Researchers have discovered another serious vulnerability in Microsoft products that potentially allows attackers to execute arbitrary code. MITRE designated this vulnerability as CVE-2022-30190, while researchers somewhat poetically named it Follina. The most disturbing thing is that there’s no fix for this bug yet. What’s even worse, the vulnerability is already being …
Experts Detail New RCE Vulnerability Affecting Google Chrome Dev Channel
Details have emerged about a recently patched critical remote code execution vulnerability in the V8 JavaScript and WebAssembly engine used in Google Chrome and Chromium-based browsers. The issue relates to a case of use-after-free in the instruction optimization component, successful exploitation of which could "allow an attacker to execute arbitrary code in the context of the …
Critical ‘Pantsdown’ BMC Vulnerability Affects QCT Servers Used in Data Centers
Quanta Cloud Technology (QCT) servers have been identified as vulnerable to the severe "Pantsdown" Baseboard Management Controller (BMC) flaw, according to new research published today. "An attacker running code on a vulnerable QCT server would be able to 'hop' from the server host to the BMC and move their attacks to the server management network, possibly continue and obtain …
Cisco Issues Patch for New IOS XR Zero-Day Vulnerability Exploited in the Wild
Cisco on Friday rolled out fixes for a medium-severity vulnerability affecting IOS XR Software that it said has been exploited in real-world attacks. Tracked as CVE-2022-20821 (CVSS score: 6.5), the issue relates to an open port vulnerability that could be abused by an unauthenticated, remote attacker to connect to a Redis instance and achieve code execution. "A successful …
Actively exploited vulnerability in Windows
On the latest Patch Tuesday (May 10) Microsoft released updates for 74 vulnerabilities. At least one of them is already being actively exploited by attackers. Thus, it’s a good idea to install patches as soon as possible.
CVE-2022-26925 – the most dangerous of the addressed vulnerabilities
Apparently, the most dangerous vulnerability addressed in this update pack is …
Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers
Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region. "By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular …
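The Azure teaser above is cut off before it says what the regular expression was meant to match, so the following is an added, generic illustration of the bug class rather than Microsoft's pattern or code. It contrasts three ways of validating a replication user name: an alternation where `^` and `$` each bind to only one branch (so each branch is anchored at one end at most), a pattern whose `$` silently admits a trailing newline, and a grouped alternation checked with `fullmatch()`, which anchors both ends and has no `$` to be fooled. The name format `rep_<name>` / `<name>_replica` and every candidate string are constructed for the example.

```python
import re

# Weak: '^' binds only to the first alternative and '$' only to the last, so
# each branch is anchored at one end at most, and search() scans the whole string.
WEAK = re.compile(r"^rep_[a-z0-9]+|[a-z0-9]+_replica$")

# Subtly weak: in Python '$' also matches just before a trailing newline.
DOLLAR = re.compile(r"^rep_[a-z0-9]+$")

# Hardened: the alternation is grouped and fullmatch() anchors both ends of the
# string, so any prefix, suffix or trailing newline is rejected.
STRICT = re.compile(r"(rep_[a-z0-9]+|[a-z0-9]+_replica)")


def weak_allows(name: str) -> bool:
    """Mis-anchored alternation: accepts a valid prefix or a valid suffix."""
    return WEAK.search(name) is not None


def dollar_allows(name: str) -> bool:
    """Looks anchored, but '$' lets 'rep_alice\\n' through."""
    return DOLLAR.match(name) is not None


def strict_allows(name: str) -> bool:
    """Whole-string match on a grouped alternation."""
    return STRICT.fullmatch(name) is not None


def evaluate(names):
    """Return {name: (weak, dollar, strict)} so the three checks can be compared."""
    return {n: (weak_allows(n), dollar_allows(n), strict_allows(n)) for n in names}


# Constructed candidates; tenant and user names are hypothetical.
CANDIDATES = [
    "rep_alice",                 # legitimate
    "node7_replica",             # legitimate
    "rep_alice@tenant-b",        # only the prefix is valid; must be rejected
    "admin tenant-b x_replica",  # only the suffix is valid; must be rejected
    "rep_alice\n",               # trailing newline; '$' admits it, fullmatch does not
]


if __name__ == "__main__":
    for name, verdicts in evaluate(CANDIDATES).items():
        print(repr(name), "weak/dollar/strict =", verdicts)
```

When an identity check feeds an authorization decision, the safe habit is `fullmatch()` (or `\A...\Z` in engines without it) on a single grouped expression, followed by a comparison of the extracted identity against an allow-list rather than trusting the match alone.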
Researchers Report Critical RCE Vulnerability in Google’s VirusTotal Platform
Security researchers have disclosed a security vulnerability in the VirusTotal platform that could have been potentially weaponized to achieve remote code execution (RCE). The flaw, now patched, made it possible to "execute commands remotely within VirusTotal platform and gain access to its various scans capabilities," Cysource researchers Shai Alfasi and Marlon Fabiano da …