News • Insights • Analysis
The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this Cybersecurity Advisory (CSA) to warn organizations that malicious cyber actors, likely advanced persistent threat (APT) actors, are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination. These vulnerabilities affect certain versions Read More …
Cisco Talos recently discovered four vulnerabilities in the NVIDIA D3D10 driver for graphics cards that could allow an attacker to corrupt memory and write arbitrary memory on the card. NVIDIA graphics drivers are software for NVIDIA Graphics GPU cards that Read More …
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: Read More …
Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. Zero-days are security flaws that the software vendor is unaware of and hasn’t yet patched. In some Read More …
Microsoft patched 74 security flaws in its May Patch Tuesday batch of updates. That’s seven critical bugs, 66 deemed important, and one ranked low severity. At least one of the vulnerabilities disclosed is under active attack with public exploit code, Read More …
Security researchers are warning F5 BIG-IP admins to immediately install the latest security updates after creating exploits for a recently disclosed critical CVE-2022-1388 remote code execution vulnerability. Last week, F5 disclosed a new critical remote code execution in BIG-IP networking Read More …
Cisco has released patches for a trio of bugs that hit its Enterprise NFV Infrastructure Software, and could result in escaping from virtual machines, running commands as root, and leaking system data. Leading the way with a CVSS score of Read More …
F5 has released security advisories on vulnerabilities affecting multiple products, including various versions of BIG-IP. Included in the release is an advisory for CVE-2022-1388, which allows undisclosed requests to bypass the iControl REST authentication in BIG-IP. An attacker could exploit Read More …
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: Read More …
Hardware and software makers are scrambling to determine if their wares suffer from a critical vulnerability recently discovered in third-party code libraries used by hundreds of vendors, including Netgear, Linksys, Axis, and the Gentoo embedded Linux distribution. The flaw makes Read More …
