/ Security News /

Google on Tuesday announced that its open source version of the Android operating system will add support for Rust programming language in a bid to prevent memory safety bugs. To that end, the company has been building parts of the Android Open Source Project (AOSP) with Rust for the past 18 months, with plans in …

/ Security News /

As many as five vulnerabilities have been uncovered in Ovarro’s TBox remote terminal units (RTUs) that, if left unpatched, could open the door for escalating attacks against critical infrastructures, like remote code execution and denial-of-service. “Successful exploitation of these vulnerabilities could result in remote code execution, which may cause a denial-of-service condition,” the U.S. Cybersecurity …

/ Security News /

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of critical security shortcomings in GE’s Universal Relay (UR) family of power management devices. “Successful exploitation of these vulnerabilities could allow an attacker to access sensitive information, reboot the UR, gain privileged access, or cause a denial-of-service condition,” the agency said in an advisory published …

/ Security News /

Researchers have disclosed vulnerabilities in multiple WordPress plugins that, if successfully exploited, could allow an attacker to run arbitrary code and take over a website in certain scenarios. The flaws were uncovered in Elementor, a website builder plugin used on more than seven million sites, and WP Super Cache, a tool used to serve cached …

/ Security News /

Microsoft plugged as many as 89 security flaws as part of its monthly Patch Tuesday updates released today, including fixes for an actively exploited zero-day in Internet Explorer that could permit an attacker to run arbitrary code on target machines. Of these flaws, 14 are listed as Critical, and 75 are listed as Important in …

/ Security News /

Following Microsoft’s release of out-of-band patches to address multiple zero-day flaws in on-premises versions of Microsoft Exchange Server, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive warning of “active exploitation” of the vulnerabilities. The alert comes on the heels of Microsoft’s disclosure that China-based hackers were exploiting unknown software bugs …

/ Security News /

Microsoft has released emergency patches to address four previously undisclosed security flaws in Exchange Server that it says are being actively exploited by a new Chinese state-sponsored threat actor with the goal of perpetrating data theft. Describing the attacks as “limited and targeted,” Microsoft Threat Intelligence Center (MSTIC) said the adversary used these vulnerabilities to …

/ Security News /

Cisco has addressed a maximum severity vulnerability in its Application Centric Infrastructure (ACI) Multi-Site Orchestrator (MSO) that could allow an unauthenticated, remote attacker to bypass authentication on vulnerable devices. “An attacker could exploit this vulnerability by sending a crafted request to the affected API,” the company said in an advisory published yesterday. “A successful exploit …

/ Security News /

VMware has addressed multiple critical remote code execution (RCE) vulnerabilities in VMware ESXi and vSphere Client virtual infrastructure management platform that may allow attackers to execute arbitrary commands and take control of affected systems. “A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the …

/ Security News /

Cisco has rolled out fixes for multiple critical vulnerabilities in the web-based management interface of Small Business routers that could potentially allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. The flaws — tracked from CVE-2021-1289 through CVE-2021-1295 (CVSS score 9.8) — impact RV160, RV160W, RV260, RV260P, …