Tens of thousands of IPs vulnerable to Fortinet flaw dubbed ‘must patch’ by feds
The Shadowserver Foundation put the figure at around 87,000 for a vulnerability rated as critical and first discovered in February.
Advertisement
remote code execution
‘Spring4Shell’ bug in framework for Java programming draws widespread warnings
Web applications created in the Spring platform could leave users open to remote code execution, CISA and others are warning.
NSA says it found new critical vulnerabilities in Microsoft Exchange Server
The news comes at a time of heightened concern over bugs in Exchange Server.
F5 releases patches for nearly two dozen vulnerabilities, some critical
It's the second time in as many years that F5 has revealed flaws that could allow remote code execution.
SolarWinds issues patches for two new critical bugs found in Orion software
One of the bugs offers a similar level of system access that the alleged Russian spies achieved.
Advertisement
Router vendor has patched some zero-days, but leaves others wide open
A researcher found 10 previously undisclosed vulnerabilities in MoFi Networks routers that could allow attackers to steal passwords and data from networks.
CISA confirms hackers are exploiting F5 flaw on federal and private networks
Two compromises have been confirmed. An investigation into other possible breaches is ongoing.
US cyber officials urge patching of bug affecting up to 40K SAP customers
The last month has been a bonfire of critical software bugs.
Zero-day flaw found in Zoom for Windows 7
A hacker who successfully exploits the Zoom vulnerability could access files on the vulnerable computer, according to ACROS Security, the Slovenian firm that highlighted the issue.
‘Ripple’ effect: Flaws found in protocols impact everything from printers to infusion pumps
The discovery highlights how obscure companies can have an outsize impact on supply chain security.
Advertisement