Last week, QNAP published a security advisory to warn customers about new critical flaws in an open-source fileserver technology integrated into its network-attached storage (NAS) devices. The company has advised customers to look out for updates to address the vulnerabilities affecting some of its products. QNAP explained in its advisory that these flaws exist in…
Microsoft has released new patches to address critical security vulnerabilities affecting its Azure PostgreSQL product. Discovered by security researchers from Wiz Research, the “chain” of flaws dubbed “ExtraReplica” could be exploited to gain unauthorized cross-account database access. According to the security advisory published by the Wiz Research team, the vulnerabilities allow attackers to bypass tenant…
Atlassian has released new security patches for its Jira and Jira Service Management solutions. The latest set of updates aims to address a critical vulnerability that could let attackers to bypass authentication controls. According to Atlassian’s security advisory, the bug was first discovered by Khoadha of Viettel Cyber Security. Tracked as CVE-2022-0540 and issued a…
A team of security researchers has discovered that attackers are now exploiting the critical Spring4Shell vulnerability to spread Mirai malware on target systems. The Mirai botnet malware attacks were first detected earlier this month, and the threat actors are currently targetting vulnerable web servers in the Singapore region. According to Trend Micro’s researchers, the threat…
VMware has released patches to address several “critical” security vulnerabilities impacting its products. The company published a security advisory that encourages customers to apply all security patches and mitigations as soon as possible. VMware says that the security flaws in its enterprise software were privately reported by a security researcher at the Qihoo 360 Vulnerability…
Microsoft has published details about a critical security vulnerability dubbed “Spring4Shell” in the Spring Framework for Java. The Redmond giant recommends its Azure cloud service customers to patch the critical remote code execution (RCE) exploit immediately. Disclosed by the WMware owned Spring on March 31, the company has already deployed a hotfix to address the…
VMware has released emergency patches to address the “Spring4Shell” remote code execution exploit in the Spring Framework. The company is recommending all users to install these updates (version 5.3.18 and 5.2.20) as soon as possible. The security researchers recently discovered a new zero-day exploit in the Spring Framework called “Spring4Shell” that could lead to unauthenticated…
Sophos has released an emergency update to patch a critical security flaw in its firewall product line. The company explained in its security advisory that the vulnerability, tracked under CVE-2022-1040, when exploited could allow for remote code execution (RCE) on targeted machines. According to Sophos, this remote code execution vulnerability was first discovered by an…
HP has acknowledged that its several printer models are vulnerable to a new critical buffer overflow bug that can potentially lead to remote code execution (RCE). This latest security flaw is being tracked under CVE-2022-3942, and it was first discovered by Trend Micro’s Zero Day Initiative team. As noted in a post by Bleeping Computer,…
Here’s a look at what you need to know QNAP has issued an advisory about a new Dirty Pipe Linux vulnerability that affects a wide range of Network Attached Storage (NAS) devices. It allows attackers to overwrite data in arbitrary read-only files. The Dirty Pipe security flaw affects all NAS devices running kernel version 5.10.60….