VMware discloses critical zero-day vulnerability in Workspace One

Posted by & filed under Notifications.

VMware has released a workaround to address a critical zero-day in multiple VMware Workspace One components that allows attackers to execute commands on the host Linux and Windows operating systems using escalated privileges. Zero-days are publicly disclosed vulnerabilities not yet patched by the vendor. In some cases, zero-days are also actively exploited in the wild…

Critical SonicWall vulnerability affects 800K firewalls [Patch Now]

Posted by & filed under Notifications.

A critical stack-based buffer overflow vulnerability has been discovered in SonicWall VPNs. When exploited, it allows unauthenticated remote attackers to execute arbitrary code on the impacted devices. Tracked as CVE-2020-5135, the vulnerability impacts multiple versions of SonicOS run by hundreds of thousands of active VPNs. Craig Young of Tripwire Vulnerability and Exposure Research Team (VERT) and Nikita Abramov of Positive Technologies have been credited with discovering…

Palo Alto Networks fixes critical flaw in PAN-OS firewall software

Posted by & filed under Notifications.

Palo Alto Networks has fixed a new critical vulnerability affecting multiple versions of PAN-OS, the operating system running on its next-generation firewalls. The issue has been assigned CVE-2020-2040, has a severity score of 9.8 out of 10, and requires no user interaction. An unauthenticated attacker can exploit it by sending a malicious request to specific interfaces…

Researchers detail bug in wireless devices impacting critical sectors

Posted by & filed under Notifications.

A vulnerability affecting components used in millions of critical connected devices in the automotive, energy, telecom, and medical sectors could let hackers hijack the device or access the internal network. In some cases, the flaw is remotely exploitable over 3G. Researchers found it in the Cinterion EHS8 M2M module from Thales (formerly from Gemalto, acquired by…

Cisco fixes critical pre-auth flaws allowing router takeover

Posted by & filed under Notifications.

Cisco today has released security updates to address critical remote code execution (RCE), authentication bypass, and static default credential vulnerabilities affecting multiple router and firewall devices that could lead to full device takeover. Cisco also issued a security update to patch a privilege escalation vulnerability in the Cisco Prime License Manager software. According to the…