Survey Evidences Leaders Lack Confidence in Cyber-Risk Management
As ransomware attacks increase, executives are uncertain about their organization’s ability to ward off cyber-attacks Read More
NCSC Report Reveals Phishing Lures Increasingly Disguised as Vaccine Appointments
In the fifth edition of its Active Cyber Defence report, the NCSC evidenced how convincing vaccine lures have successfully stolen personal and financial data. Read...
What does it mean for cybersecurity to “align with the business”?
It is a common refrain among senior folks in enterprise cybersecurity: “We have to learn to align with the business.” Unfortunately, it seems like we...
ZDI-22-798: (Pwn2Own) Mozilla Firefox Improper Input Validation Sandbox Escape Vulnerability
This vulnerability allows local attackers to escape the sandbox on affected installations of Mozilla Firefox. An attacker must first obtain the ability to execute low-privileged...
ZDI-22-799: (Pwn2Own) Mozilla Firefox Top-Level Await Prototype Pollution Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. User interaction is required to exploit this vulnerability in that...
ZDI-22-800: Trend Micro Internet Security Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Internet Security. An attacker must first obtain the ability to...
ZDI-22-801: Trend Micro Internet Security Exposed Dangerous Method Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of Trend Micro Internet Security. An attacker must first obtain the ability to...
ZDI-22-802: Cisco RV340 JSON RPC set-snmp Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the...
ZDI-22-803: Cisco RV340 JSON RPC set-snmp Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the...
ZDI-22-804: KeySight N6841A RF Sensor Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of KeySight N6841A RF Sensor. Authentication is not required to exploit this vulnerability....