Cisco has patched multiple critical security vulnerabilities impacting its RV Series routers that could be weaponized to elevate privileges and execute arbitrary code on affected systems, while also warning of the existence of proof-of-concept (PoC) exploit code targeting some of these bugs. Three of the 15 flaws, tracked as CVE-2022-20699, CVE-2022-20700, and CVE-2022-20707, carry the highest CVSS rating of 10.0, and affect its Small Business RV160, RV260, RV340, and RV345 Series routers. Additionally, the flaws could be exploited to bypass authentication and authorization protections, retrieve and run unsigned software, and even...
flaws
An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could be exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory. Natalie Silvanovich of Google Project Zero, who discovered and reported the two flaws last year, said the issues impact both Zoom clients and Multimedia Router (MMR) servers, which transmit audio and video content between clients in on-premise deployments. The weaknesses have since been addressed by Zoom as part of updates shipped on November 24, 2021. The goal of...
This is umm interesting – a chained attack could ‘shut down a company’s entire international network’ Silver Peak’s Unity Orchestrator, a centralized SD-WAN management platform, contained three security vulnerabilities that, chained together, could result in pre-authenticated remote code authentication (RCE). Users have been urged to upgrade their systems after Silver Peak patched the authentication bypass, file delete path traversal, and arbitrary SQL query execution flaws. Combining these flaws, security researchers from Realmode Labs found that attackers could run arbitrary code by finding a file being run by the web server and...
HTTP Host header attacks – What are they? Lets discuss how misconfigurations and flawed business logic can expose websites to a variety of attacks via the HTTP Host header. We’ll outline the high-level methodology for identifying Host header vulnerabilities and demonstrate how you can exploit them. Finally, we’ll provide some general guidance on how you can protect your own websites against these kinds of attacks. What is the HTTP Host header? The HTTP Host header is a mandatory request header as of HTTP/1.1. It specifies the domain name that...
Checking for security flaws in your applications is essential as threats become more potent and prevalent What Is AppSec? Application security is the process of making apps more secure by finding, fixing, and enhancing the security of apps. Much of this happens during the development phase, but it includes tools and methods to protect apps once they are deployed. This is becoming more important as hackers increasingly target applications with their attacks. AppSec is getting a lot of attention. Hundreds of tools are available to secure various elements of...
English
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Luxembourgish
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sudanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu