Vulnerabilities

Privilege Escalation Vulnerabilities in Atera Software's Windows Installers

Privilege escalation attacks are a severe concern to organizations, as they can lead to unauthorized access and control over sensitive systems. Mandiant's red team recently discovered zero-day vulnerabilities in the Windows Installers of Atera remote monitoring and management software. These flaws, designated as CVE-2023-26077 and CVE-2023-26078, could potentially allow attackers to execute arbitrary code with [...]

CyberSpecta
Critical Vulnerabilities Found in Honeywell Experion Systems Pose Serious Threats to Industrial Infrastructure

Security researchers from Armis have recently uncovered nine critical vulnerabilities in Honeywell's Experion distributed control system (DCS) products. These vulnerabilities, if exploited, could allow hackers to gain unauthorized access, remotely run code, and alter the operation of the DCS controllers. The potential impact extends beyond business disruptions, as these vulnerabilities pose a risk to critical [...]

CyberSpecta
Threat Actors Forge Signatures on Kernel-Mode Drivers using Windows Loophole

Researchers at Cisco Talos have uncovered a critical vulnerability in the Windows operating system that allows threat actors, primarily native Chinese speakers, to forge signatures on kernel-mode drivers. By exploiting this loophole, malicious actors can load unverified drivers with expired certificates, bypassing Windows' driver signature enforcement. This article delves into the technical details of the [...]

CyberSpecta
Cisco ACI Multi-Site CloudSec Encryption Vulnerability Exposes Data Center Switches

Cisco has issued a security advisory warning about a high-severity vulnerability affecting specific data center switch models. The vulnerability, tracked as CVE-2023-20185, specifically targets the Cisco ACI Multi-Site CloudSec encryption feature on Cisco Nexus 9000 Series Fabric Switches. Attackers can exploit this flaw to tamper with encrypted traffic, potentially compromising data integrity and confidentiality. Vulnerability [...]

CyberSpecta
Actively Exploited Vulnerabilities in Samsung and D-Link Devices Identified by CISA

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently identified eight vulnerabilities that are actively being exploited in Samsung and D-Link devices. These vulnerabilities have been added to the Known Exploited Vulnerabilities (KEV) catalog. Despite patches being available for all these flaws for several years, threat actors continue to exploit them. In this article, [...]

CyberSpecta
Critical Security Vulnerability in Ultimate Member WordPress Plugin Puts Thousands of Websites at Risk

As many as 200,000 WordPress websites face a critical security vulnerability in the popular Ultimate Member plugin, posing a significant risk to site owners and administrators. Tracked as CVE-2023-3460 with a CVSS score of 9.8, this flaw allows attackers to gain unauthorized administrative privileges by creating rogue user accounts. Despite attempts to patch the issue, [...]

CyberSpecta