Log in to see all content. Some content is hidden to the public.
Can't find what you're looking for? Help us improve the search functionality by reporting the expected results.
1509 Results
Zero-Day Flaw in WPGateway is Being Actively Exploited in the Wild
A zero-day flaw in the latest version of a WordPress premium plugin known as WPGateway is being actively exploited in the wild. Exploitation of some of this vulnerability could allow a remote attacker to take control of an affected website. For a complete description of the vulnerabilities and affected systems go to Over 280,000 WordPress Sites Attacked. IT Security
Microsoft Releases September 2022 Security Updates to Address Multiple Vulnerabilities Including Ones That are Being Exploited in the Wild
Microsoft has released updates to address multiple vulnerabilities in Microsoft software including ones which were ranked as “critical” and are already being exploited in the wild. An attacker could exploit these vulnerabilities to take control of an affected system. For a complete description of the vulnerabilities and affected systems go to Microsoft September 2022 Security Update Guide.
Apple Releases Security Updates for Multiple Products
Apple has released security updates to address vulnerabilities in multiple Apple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. For a complete description of the vulnerabilities and affected systems go to Apple Security Updates. IT Security
Medium and High Vulnerabilities in Multiple Cisco Products
Cisco has released security updates to address Medium and High vulnerabilities in multiple Cisco products. A remote attacker could exploit this vulnerability to take control of an affected system. For a complete description of the vulnerabilities and affected systems go to Cisco Security Advisories and Alerts. IT Security
Vulnerability in OWASP ModSecurity Core Rule Set
Mandiant has released a vulnerability report to address a vulnerability in OWASP ModSecurity Core Rule Set 3.2.0. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications. For a complete description of the vulnerabilities and affected systems go to CVE-2020-22669 Detail.
High Vulnerability in vm2 Impacting Red Hat ACM
Mandiant reported a security update for a High vulnerability in vm2. A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox. For a complete description of the vulnerabilities and affected systems go to Bug 2124794 (CVE-2022-36067) - CVE-2022-36067 vm2: Sandbox Escape in vm2. IT Security
High Vulnerability in the HP Pre-Installed Support Assistant Tool
HP has released security updates to address a High vulnerability in the HP Pre-Installed Support Assistant Tool. It is possible for an attacker to exploit the DLL hijacking vulnerability and elevate privileges when Fusion launches the HP Performance Tune-up.
Weaponized Vulnerability in Open Web Analytics (OWA)
H-ISAC reported that a Weaponized Vulnerability in Open Web Analytics (OWA). An attacker could exploit this vulnerability to escalate privileges. For a complete description of the vulnerabilities and affected systems go to CVE-2022-24637 Detail. IT Security Read more about IT Security service offerings.
Vulnerabilities in Cisco Small Business RV Series Routers will not be patched (End of Life)
Cisco has released a security advisory to announce that they will not patch vulnerabilities in older versions of their Cisco Small Business RV Series Routers. These vulnerabilities could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device.
Vulnerabilities in Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor
Cisa released an Advisory to address vulnerabilities in Contec Health CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor. Successful exploitation of these vulnerabilities could allow a threat actor to cause a denial-of-service condition, modify firmware with physical access to the device, access a root shell, or employ hard-coded credentials to make configuration changes.