[HackerNews] VMware Issues Patches to Fix New Flaws Affecting Multiple Products

VMware on Wednesday shipped security updates to address vulnerabilities in multiple products that could be potentially exploited by an attacker to take control of an affected system.
The six security weaknesses (from CVE-2021-22022 through CVE-2021-22027, CVSS scores: 4.4 – 8.6) affect VMware vRealize Operations (prior to version 8.5.0), VMware Cloud Foundation (versions 3.x and 4.x), and

Source: Read More (The Hacker News)

You might be interested in …

[SANS ISC] CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability, (Sat, Jun 26th)

All posts, Sans-ISC

This XML External Entity injection (XXE) vulnerability disclosed in March 2019 is still actively scanned for a vulnerable mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10. This exploit attempts to read the Zimbra configuration file that contains an LDAP password for the zimbra account. Sample Log 20210625-144918: 192.168.25.9:443-45.146.165.123:41062 data POST /Autodiscover/Autodiscover.xml HTTP/1.1 Host: […]

Read More

[SecurityWeek] OT Systems Increasingly Targeted by Unsophisticated Hackers: Mandiant

All posts, Security Week

Unsophisticated threat actors — in many cases motivated by financial gain — have increasingly targeted internet-exposed operational technology (OT) systems, according to research conducted by Mandiant, FireEye’s threat intelligence and incident response unit. read more Source: Read More (SecurityWeek RSS Feed)

Read More

[ThreatPost] Canopy Parental Control App Wide Open to Unpatched XSS Bugs

All posts, ThreatPost

The possible cyberattacks include disabling monitoring, location-tracking of children and malicious redirects of parent-console users. Source: Read More (Threatpost)

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.