Security
Headlines
HeadlinesLatestCVEs

Tag

#rce

380K Kubernetes API Servers Exposed to Public Internet

More than 380,000 of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access.

Threatpost
#vulnerability#apache#java#kubernetes#rce#log4j#auth
Pwn2Own 2022 – Windows 11, MS Teams and Firefox Pwned on Day 1

By Waqas Other than Windows 11, Microsoft Teams and Mozilla Firefox, Oracle Virtualbox, Ubuntu Desktop, and Safari browser were also… This is a post from HackRead.com Read the original post: Pwn2Own 2022 – Windows 11, MS Teams and Firefox Pwned on Day 1

CVE-2022-28927: Subconverter v0.7.2 unauthorized RCE

A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters.

Rogue cloud users could sabotage fellow off-prem tenants via critical Flux flaw

Mischief-makers could ‘disrupt the availability, integrity and confidentiality’ of other tenants

VMWare vulnerabilities are actively being exploited, CISA warns

CISA has issued severe warnings about disclosed vulnerabilities in VMWare products that are actively being exploited, probably by APT threat actors. The post VMWare vulnerabilities are actively being exploited, CISA warns appeared first on Malwarebytes Labs.

VMware Releases Patches for New Vulnerabilities Affecting Multiple Products

VMware has issued patches to contain two security flaws impacting Workspace ONE Access, Identity Manager, and vRealize Automation that could be exploited to backdoor enterprise networks. The first of the two flaws, tracked as CVE-2022-22972 (CVSS score: 9.8), concerns an authentication bypass that could enable an actor with network access to the UI to gain administrative access without prior

CISA to Federal Agencies: Patch VMware Products Now or Take Them Offline

Last month attackers quickly reverse-engineered VMware patches to launch RCE attacks. CISA warns it's going to happen again.

CVE-2022-22784: Security Bulletin

The Zoom Client for Meetings (for Android, iOS, Linux, MacOS, and Windows) before version 5.10.0 failed to properly parse XML stanzas in XMPP messages. This can allow a malicious user to break out of the current XMPP message context and create a new message context to have the receiving users client perform a variety of actions.This issue could be used in a more sophisticated attack to forge XMPP messages from the server.

DevSecOps and cybersecurity skills are top priorities for enterprise IT – report

Transparency and inter-team collaboration key amid escalating threats and compliance requirements