18
Feb
Vulnerabilities Tag
16
Feb
13
Oct
Two teams of researchers have revealed vulnerabilities this week in Unified Extensible Firmware Interface (UEFI) implementations and bootloaders that could allow attackers to defeat the secure boot defenses of modern PCs and deploy highly persistent rootkits. Researchers from firmware and hardware security firm Eclypsium published a report on vulnerabilities they found in three third-party bootloaders that are digitally signed by Microsoft's root of trust. They can...
Read More
24
Mar
Researchers found an easy-to-exploit vulnerability in Snap, a universal application packaging and distribution system developed for Ubuntu but available on multiple Linux distributions. The flaw allows a low-privileged user to execute malicious code as root, the highest administrative account on Linux. The vulnerability, tracked as CVE-2021-44731, is part of a series of flaws that researchers from security firm Qualys found in various Linux components while investigating...
Read More
26
Feb
A gang of cybercriminals known for breaking into computer systems and selling access to them has been discovered exploiting an Apache Log4j vulnerability, Log4Shell, in unpatched VMware Horizon to plant cryptominers and backdoors on targeted systems. In a blog published Wednesday, Blackberry' researchers Ryan Gibson, Codi Starks and Will Ikard revealed that Prophet Spider was behind the attacks, which could be reliably detected by monitoring ws_TomcatService.exe,...
Read More
08
Jan
The Apache Log4j vulnerability has made global headlines since it was discovered in early December. The flaw has impacted vast numbers of organizations around the world as security teams have scrambled to mitigate the associated risks. Here is a timeline of the key events surrounding the Log4j vulnerability as they have unfolded. Thursday, December 9: Apache Log4j zero-day exploit discovered Apache released details on a critical vulnerability...
Read More
01
Dec
Virtual appliances are a popular way for software vendors to distribute their products to enterprise customers as they contain all the necessary pre-configured software stacks their applications need to function and can be deployed in public clouds or private data centers with ease. Unfortunately, enterprises are at risk of deploying images that are vulnerable out-of-the-box according to a new study. It found that many vendors,...
Read More- 1
- 2