Cyberespionage group developed backdoors tailored for VMware ESXi hypervisors
Researchers have identified a new malware family that was designed to backdoor and create persistence on VMware ESXi servers by leveraging legitimate functionality the hypervisor...
Top 10 Malware August 2022
In MS-ISAC's Top 10 Malware list for August 2022, LingyunNET, RecordBreaker, and TeamSpy first appeared, while SocGholish and Tinba returned. Read More
CVE-2022-20728 (aironet_1542d_firmware, aironet_1542i_firmware, aironet_1562d_firmware, aironet_1562e_firmware, aironet_1562i_firmware, aironet_1815i_firmware, aironet_1815m_firmware, aironet_1815t_firmware, aironet_1815w_firmware, aironet_1830_firmware, aironet_1840_firmware, aironet_1850e_firmware, aironet_1850i_firmware, aironet_2800e_firmware, aironet_2800i_firmware, aironet_3800e_firmware, aironet_3800i_firmware, aironet_3800p_firmware, aironet_4800_firmware, catalyst_9105ax_firmware, catalyst_9115ax_firmware, catalyst_9117ax_firmware, catalyst_9120ax_firmware, catalyst_9124ax_firmware, catalyst_9130ax_firmware, catalyst_iw6300_firmware)
A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native...
CVE-2022-20662 (duo)
A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication. This...
CVE-2021-36865 (quiz_and_survey_master)
Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the...
Multiple Vulnerabilities in Microsoft Exchange Server Could Allow for Remote Code Execution
Multiple vulnerabilities have been discovered in Microsoft Exchange Server, the most severe of which could allow for remote code execution. Microsoft Exchange Server is a...
CVE-2021-33354 (htmly)
Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via modified file parameter. Read More
CVE-2022-1959 (applock)
AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly...
CVE-2021-36855 (booking_ultra_pro_appointments_booking_calendar)
Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPress. Read More
CVE-2021-36854 (booking_ultra_pro_appointments_booking_calendar)
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress. Read More