CISA Expands Vulnerabilities Catalog With Old, Exploited Flaws

The Cybersecurity and Infrastructure Security Agency (CISA) has added six known flaws to its Known Exploited Vulnerabilities Catalog on September 15, 2022. “These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose a significant risk to the federal enterprise,” the Agency wrote. The six issues include three that affect the

Vulnerability in WordPress BackupBuddy Plugin Exploited By Hackers

Hackers have attempted to exploit a zero–day flaw in a WordPress plugin called BackupBuddy five million times, sometimes successfully. The news comes from WordPress security–focused company Wordfence, which published an advisory about the flaw earlier this week. “This vulnerability could allow an attacker to view the contents of any file on your server that can

Apple Releases Update for iOS 12 to Patch Exploited Vulnerability

Apple has released an iOS 12 update for older iPhone and iPad devices, patching a vulnerability that was reportedly exploited by threat actors. According to a document published by the company on Wednesday, August 31, the flaw would allow the processing of maliciously crafted web content, which in turn led to arbitrary code execution. “Apple

How an email attack exploited Microsoft’s multi-factor authentication

Mitiga says that MFA, even if improperly configured, is no panacea for preventing attackers from abusing compromised credentials. Image: Getty Images/iStockphoto/Balefire9 Must-read security coverage Multi-factor authentication (MFA) is often cited as one of the best security methods available to secure sensitive accounts and credentials. Even if the password is leaked or stolen, the hackers can’t

Zimbra RCE Vulnerability Exploited Without Admin Privileges

A remote-code-execution (RCE) vulnerability affecting Zimbra Collaboration Suite (ZCS) email servers was exploited without valid administrative credentials, unlike previously believed. The finding come from security researchers at Volexity, who detailed them in an advisory published on Wednesday. While the RCE issue (tracked CVE-2022-27925) was patched by Zimbra in March 2022, in July and early August 2022 Volexity investigated

Surge in CVEs as Microsoft Fixes Exploited Zero Day Bugs

Microsoft addressed 121 vulnerabilities in the August 2022 Patch Tuesday update round, including two zero-day bugs. One of the zero-days, CVE-2022-34713, has been dubbed “DogWalk” and is a remote code execution bug in the Microsoft Windows Support Diagnostic Tool (MSDT) which has already been observed in attacks in the wild. “This is a user targeted