Security in Color

Blogs & News

Latest in Cybersecurity News

WordPress RSS Feed Retriever by thememason.com
  • New Nagios Software Bugs Could Let Hackers Take Over IT InfrastructuresNew Nagios Software Bugs Could Let Hackers Take Over IT Infrastructures
    As many as 11 security vulnerabilities have been disclosed in Nagios network management systems, some of which could be chained to achieve pre-authenticated remote code execution with the highest privileges, as well as lead to credential theft and phishing attacks.  Industrial cybersecurity firm Claroty, which discovered the flaws, said flaws… Read more »
  • Urgent Apple iOS and macOS Updates Released to Fix Actively Exploited Zero-DaysUrgent Apple iOS and macOS Updates Released to Fix Actively Exploited Zero-Days
    Apple on Thursday released security updates to fix multiple security vulnerabilities in older versions of iOS and macOS that it says have been detected in exploits in the wild, in addition to expanding patches for a previously plugged security weakness abused by NSO Group's Pegasus surveillance tool to target iPhone users. <!--adsense--> Chief among… Read more »
  • Urgent Chrome Update Released to Patch Actively Exploited Zero-Day VulnerabilityUrgent Chrome Update Released to Patch Actively Exploited Zero-Day Vulnerability
    Google on Friday rolled out an emergency security patch to its Chrome web browser to address a security flaw that's known to have an exploit in the wild. Tracked as CVE-2021-37973, the vulnerability has been described as use after free in Portals API, a web page navigation system that enables a page to show… Read more »
  • A New APT Hacker Group Spying On Hotels and Governments WorldwideA New APT Hacker Group Spying On Hotels and Governments Worldwide
    A new advanced persistent threat (APT) has been behind a string of attacks against hotels across the world, along with governments, international organizations, engineering companies, and law firms. Slovak cybersecurity firm ESET codenamed the cyber espionage group FamousSparrow, which it said has been active since at least August 2019, with victims… Read more »
  • SonicWall Issues Patches for a New Critical Flaw in SMA 100 Series DevicesSonicWall Issues Patches for a New Critical Flaw in SMA 100 Series Devices
    Network security company SonicWall has addressed a critical security vulnerability affecting its Secure Mobile Access (SMA) 100 series appliances that can permit remote, unauthenticated attackers to gain administrator access on targeted devices remotely. Tracked as CVE-2021-20034, the arbitrary file deletion flaw is rated 9.1 out of a maximum of 10 on… Read more »
  • Google Warns of a New Way Hackers Can Make Malware Undetectable on WindowsGoogle Warns of a New Way Hackers Can Make Malware Undetectable on Windows
    Cybersecurity researchers have disclosed a novel technique adopted by a threat actor to deliberately evade detection with the help of malformed digital signatures of its malware payloads. "Attackers created malformed code signatures that are treated as valid by Windows but are not able to be decoded or checked by OpenSSL code… Read more »
  • Apple's New iCloud Private Relay Service Leaks Users' Real IP AddressesApple's New iCloud Private Relay Service Leaks Users' Real IP Addresses
    A new as-yet unpatched weakness in Apple's iCloud Private Relay feature could be circumvented to leak users' true IP addresses from iOS devices running the latest version of the operating system. Introduced as a beta with iOS 15, which was officially released this week, iCloud Private Relay aims to improve anonymity on… Read more »
  • High-Severity RCE Flaw Disclosed in Several Netgear Router ModelsHigh-Severity RCE Flaw Disclosed in Several Netgear Router Models
    Networking equipment company Netgear has released patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system. <!--adsense--> Traced as CVE-2021-40847 (CVSS score: 8.1), the security weakness impacts the following models - R6400v2 (fixed in firmware version… Read more »
  • Cisco Releases Patches 3 New Critical Flaws Affecting IOS XE SoftwareCisco Releases Patches 3 New Critical Flaws Affecting IOS XE Software
    Networking equipment maker Cisco Systems has rolled out patches to address three critical security vulnerabilities in its IOS XE network operating system that remote attackers could potentially abuse to execute arbitrary code with administrative privileges and trigger a denial-of-service (DoS) condition on vulnerable devices. The list of three flaws is… Read more »
  • A New Bug in Microsoft Windows Could Let Hackers Easily Install a RootkitA New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkit
    Security researchers have disclosed an unpatched weakness in Microsoft Windows Platform Binary Table (WPBT) affecting all Windows-based devices since Windows 8 that could be potentially exploited to install a rootkit and compromise the integrity of devices. "These flaws make every Windows system vulnerable to easily-crafted attacks that install fraudulent vendor-specific… Read more »
WordPress RSS Feed Retriever by thememason.com
WordPress RSS Feed Retriever by thememason.com
WordPress RSS Feed Retriever by thememason.com