The number of Chrome vulnerabilities exploited in malicious attacks has been increasing over the past years and Google believes several factors have contributed to this trend 14 Chrome Zero-Day Vulnerabilities Exploited in Attacks in 2021. The number of Chrome vulnerabilities exploited in the wild reached 14 in 2021, up from eight in 2020 and two in 2019. Chrome is targeted far more often than Firefox, Safari and Internet Explorer, according to data from Google’s Project Zero research unit, which tracks exploitation of zero-days. One reason for the increasing number of zero-day attacks...
On Friday March 3, the Cybersecurity and Infrastructure Security Agency (CISA) added a whopping number of 95 new known exploited vulnerabilities to its Known Exploited Vulnerabilities Catalog. This catalog provides Federal Civilian Executive Branch (FCEB) agencies with a list of vulnerabilities that are known to be exploited in the wild and gives the agencies a due date by when the vulnerability needs to be patched in their organization. But even if your organization isn’t a FCEB agency that needs to follow the Binding Operation Directive 22-01, the CISA list can...
A newly disclosed security flaw in the Linux kernel could be leveraged by a local adversary to gain elevated privileges on vulnerable systems to execute arbitrary code, escape containers, or induce a kernel panic. Linux Bug in Netfilter Leads To Root Tracked as CVE-2022-25636 (CVSS score: 7.8), the vulnerability impacts Linux kernel versions 5.4 through 5.6.10 and is a result of a heap out-of-bounds write in the netfilter subcomponent in the kernel. The issue was discovered by Nick Gregory, a research scientist at Capsule8. “This flaw allows a local attacker with a user account...
Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm, and stage speculative execution attacks such as Spectre to leak sensitive information from host memory. Attacks like Spectre are designed to break the isolation between different applications by taking advantage of an optimization technique called speculative execution in CPU hardware implementations to trick programs into accessing arbitrary locations in memory and thus leak their secrets. While chipmakers have incorporated both software and hardware defenses, including Retpoline as well as safeguards like Enhanced Indirect Branch Restricted...
China’s network equipment manufacturer TP-Link Router is also a German antivirus software company Avira “We are developing a security service in partnership with Avira”. However, there is a report posted on Reddit on the overseas bulletin board that “TP-Link routers are sending a large amount of traffic to Avira’s server even if related services are turned off.” It has become a hot topic. Privacy Concerns, Violation of GDPR. I recently enabled a DNS gateway to be able to see requests from my router, and network devices. Was surprised to...
Moodle SQL Injection Vulnerability A security vulnerability in e-learning platform Moodle could allow an attacker to take over a database and potentially obtain sensitive information, researchers have warned Moodle is an open source educational resource that enables institutions to create online learning materials for students. Researchers have found that the website is vulnerable to a second order SQL injection flaw, which could enable an attacker to potentially take control of a database server. Teachers are able to create custom badges for their pupils, which they can earn through completing tasks such as courses...
A successful attempt would require the local user to be able to insert their code in the system root path undetected by the OS or other security applications where it could potentially be executed during application startup or reboot. If successful, the local user’s code would execute with the elevated privileges of the application. Go to Cybersecurity Knowledge Base Got to Cybersecurity News Go to Homepage Go to Cybersecurity Academy Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today Remember,...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added 95 more security flaws to its Known Exploited Vulnerabilities Catalog, taking the total number of actively exploited vulnerabilities to 478. “These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise,” the agency said in an advisory published on March 3, 2022. Of the 95 newly added bugs, 38 relate to Cisco vulnerabilities, 27 for Microsoft, 16 for Adobe, seven impact Oracle, and one each corresponding to Apache Tomcat, ChakraCore, Exim,...
Mozilla has published Firefox 97.0.2, an “out-of-band” update that closes two bugs that are officially listed as critical. Firefox Vulnerability March 2022 Mozilla reports that both of these holes are already actively being exploited, making them so-called zero-day bugs, which means, in simple terms, that the crooks got there first: We have had reports of attacks in the wild abusing [these] flaw[s]. Access to information about the bugs is still restricted to Mozilla insiders, presumably to make it harder for attackers to get at the technical details of how to exploit...
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of the cookies. Cookie & Privacy Policy
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
English
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Luxembourgish
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sudanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu