CVE-2022-30190: Zero Click Zero Day in Microsoft Support Diagnostic Tool Exploited in the Wild
Microsoft confirms remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool that has been exploited in the wild since at least April....
Twitter Crypto Scams: Bored Ape Yacht Club, Azuki and Other Projects Impersonated to Steal NFTs, Digital Currencies
Scammers are using verified and unverified accounts to impersonate notable NFT projects like Bored Ape Yacht Club and others, tagging Twitter users to drive them to phishing websites....
CVE-2022-22972: VMware Patches Additional Workspace ONE Access Vulnerabilities (VMSA-2022-0014)
Organizations and government agencies are strongly advised to patch two newly disclosed vulnerabilities in VMware products, following warnings from VMware and the Cybersecurity and Infrastructure Security Agency....
Microsoft’s May 2022 Patch Tuesday Addresses 73 CVEs (CVE-2022-26925)
Microsoft addresses 73 CVEs in its May 2022 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild....
CVE-2022-1388: Authentication Bypass in F5 BIG-IP
CVE-2022-1388: Authentication Bypass in F5 BIG-IP F5 patched an authentication bypass in its BIG-IP product family that could lead to arbitrary command execution. This vulnerability is actively being exploited. Update May 10: The Identifying Affected Systems section now reflect...
Hot Patches for Log4Shell Introduced Multiple Vulnerabilities in Amazon Web Services
Hot Patches for Log4Shell Introduced Multiple Vulnerabilities in Amazon Web Services Amazon Web Services has addressed vulnerabilities introduced by the hot patches released in response to the Log4Shell vulnerability in December. Background On April 19, researchers with Palo Alto’s Unit...
Oracle April 2022 Critical Patch Update Addresses 221 CVEs
Oracle addresses 221 CVEs in its second quarterly update of 2022 with 520 patches, including 27 critical updates....
Microsoft’s April 2022 Patch Tuesday Addresses 117 CVEs (CVE-2022-24521)
Microsoft’s April 2022 Patch Tuesday Addresses 117 CVEs (CVE-2022-24521) Microsoft addresses 117 CVEs in its April 2022 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild and reported to Microsoft by the National Security Agency. 9Criti...
VMware Patches Multiple Vulnerabilities in Workspace ONE, Identity and Lifecycle Manager and vRealize (VMSA-2022-0011)
VMware cautions organizations to patch or mitigate several serious vulnerabilities across multiple products....
Spring4Shell (CVE-2022-22965) FAQ: Spring Framework Remote Code Execution Vulnerability
A list of frequently asked questions related to Spring4Shell (CVE-2022-22965)....
CVE-2022-22948: VMware vCenter Server Sensitive Information Disclosure Vulnerability
Researchers disclose a moderate severity vulnerability in VMware vCenter Server that can be used in an exploit chain with other vCenter Server flaws to take over servers....
Cr8escape: How Tenable Can Help (CVE-2022-0811)
CrowdStrike discloses container escape vulnerability affecting CRI-O for Kubernetes. Here’s how Tenable.cs can help you detect vulnerable pods. Background On March 15, CrowdStrike published technical details and a proof-of-concept for CVE-2022-0811, a vulnerability they have named cr8escape, i...