Recent Security News
-
Critical Authentication Bypass Flaw in VMware Cloud Director Appliance
November 14, 2023 at 04:21PM VMware has released an urgent patch to fix a serious authentication bypass bug in its Cloud Director Appliance product. The vulnerability, known as CVE-2023-34060, has a severity score of 9.8 out of 10 and can be exploited by attackers with network access. The issue affects instances where the appliance has…
-
Microsoft Warns of Critical Bugs Being Exploited in the Wild
November 14, 2023 at 03:45PM Microsoft released patches for 59 security vulnerabilities, including two zero-days being exploited in the wild. The vulnerabilities in Windows OS and components could allow attackers to gain SYSTEM privileges. Microsoft’s bulletins did not provide details on the live attacks. Adobe also released patches for 72 security bugs, including code-execution defects…
-
New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs
November 14, 2023 at 03:34PM CacheWarp, a new software-based fault injection attack, allows threat actors to hack into AMD SEV-protected virtual machines. The attack exploits vulnerabilities in AMD’s SEV-ES and SEV-SNP technology, designed to protect against malicious hypervisors. Malicious actors can manipulate memory writes to escalate privileges and gain remote code execution. Security researchers have…
-
Zero-Days in Edge Devices Become China’s Cyber Warfare Tactic of Choice
November 14, 2023 at 03:31PM Chinese state-sponsored actors have become adept at exploiting zero-day vulnerabilities to conduct espionage, posing a significant and persistent threat to global organizations. Recent reports indicate that these actors are increasingly targeting public-facing devices, including firewalls, hypervisors, and email security tools. The success of these attacks is facilitated by threat sharing…