Cisco warns of critical RCE zero-days in end of life IP phones

August 8, 2024 at 05:34PM Cisco has issued a warning about critical remote code execution vulnerabilities in the web-based management interface of Small Business SPA 300 and SPA 500 series IP phones. These flaws, including buffer overflow vulnerabilities, can allow unauthenticated attackers to execute arbitrary commands. Users are urged to transition to newer, supported models … Read more

VMware fixes three zero-day bugs exploited at Pwn2Own 2024

May 14, 2024 at 10:48AM VMware addressed four security vulnerabilities, including three zero-days exploited in the Pwn2Own Vancouver 2024 hacking contest. The most severe flaw, CVE-2024-22267, allows code execution as the virtual machine’s VMX process. Two other high-severity bugs (CVE-2024-22269 and CVE-2024-22270) enable information disclosure, and the fourth vulnerability (CVE-2024-22268) creates a denial of service … Read more

CISA warns against using hacked Ivanti devices even after factory resets

February 29, 2024 at 03:40PM The U.S. Cybersecurity Agency (CISA) revealed that attackers breaching Ivanti appliances can maintain root persistence after factory resets. Four vulnerabilities allow evasion of Ivanti’s Integrity Checker Tool, with ratings from high to critical. CISA warned of compromised Ivanti devices’ significant risk and ordered federal agencies to disconnect and rebuild affected … Read more

Raspberry Robin Jumps on 1-Day Bugs to Nest Deep in Windows Networks

February 12, 2024 at 05:21PM Summary: Raspberry Robin worm rapidly incorporates one-day exploits, enhancing privilege escalation capabilities. Check Point researchers suspect its developers contract with Dark Web exploit traffickers, allowing quick integration of new exploits, making it a prevalent initial access cyber threat. The worm’s popularity and effectiveness continue to grow, posing significant risks to … Read more

Trail of Bits Spinout iVerify Tackles Mercenary Spyware Threat

December 6, 2023 at 10:48AM iVerify, emerging from Trail of Bits as a seed-stage startup, introduces a platform targeting iOS and Android zero-day threats, focusing on combating mercenary spyware. Source: SecurityWeek. Takeaways from the meeting: 1. Company Profile: iVerify is a seed-stage startup. 2. Origin: The company has been spun out of Trail of Bits. … Read more

Microsoft Warns of Critical Bugs Being Exploited in the Wild

November 14, 2023 at 03:45PM Microsoft released patches for 59 security vulnerabilities, including two zero-days being exploited in the wild. The vulnerabilities in Windows OS and components could allow attackers to gain SYSTEM privileges. Microsoft’s bulletins did not provide details on the live attacks. Adobe also released patches for 72 security bugs, including code-execution defects … Read more

Inside Denmark’s hell week as critical infrastructure orgs faced cyberattacks

November 13, 2023 at 09:41AM Denmark experienced its largest-ever online attack on critical infrastructure in May, according to a report from SektorCERT. The attack affected 22 companies, with some forced to disconnect from the power network. Unpatched vulnerabilities in Zyxel firewalls were exploited, potentially by multiple groups including Russia’s Chief Intelligence Office. The attacks were … Read more