Tag: command injection

Various Botnets Pummel Year-Old TP-Link Flaw in IoT Attacks

Cyber Security April 17, 2024

A number of botnets are pummeling a nearly year-old command-injection vulnerability in a TP-Link routers to compromise the devices for IoT-driven distributed denial of...

Cisco IOS Bugs Allow Unauthenticated, Remote DoS Attacks

Cyber Security March 28, 2024

Patch Now: Kubernetes RCE Flaw Allows Full Takeover of Windows Nodes

Cyber Security March 13, 2024

‘Lucifer’ Botnet Turns Up the Heat on Apache Hadoop Servers

Cyber Security February 21, 2024

Twin Max-Severity Bugs Open Fortinet’s SIEM to Code Execution

Cyber SecurityFebruary 6, 2024

Two critical vulnerabilities in Fortinet's FortiSIEM product have been assigned provisional CVSS scores of 10. However, details about the bugs remain scant.What is known...

Adapting Security to Protect AI/ML Systems

Cyber SecurityJanuary 10, 2024

Artificial intelligence (AI) isn't just the latest buzzword in business; it's rapidly reshaping industries and redefining business processes. Yet as companies race to integrate...

Danish Energy Attacks Portend Targeting More Critical Infrastructure

Cyber SecurityNovember 14, 2023

In May, 22 Danish energy sector organizations were compromised in an onslaught of attacks partially linked with Russia's Sandworm APT.A new report from the...

Firmware Vulnerabilities You Don’t Want in Your Product

IOTOctober 30, 2023

Firmware vulnerabilities refer to security weaknesses or flaws found in the firmware of a device. Firmware is a type of software that is...

This Week In Security: Apple’s 0-day, Microsoft’s Mess, And More

IOTJuly 14, 2023

First up, Apple issued an emergency patch, then yanked, and re-issued it. The problem was a Remote Code Execution (RCE) vulnerability in WebKit —...

Ghostscript bug could allow rogue documents to run system commands

Cyber SecurityJuly 4, 2023

by Paul Ducklin Even if you haven’t heard of the venerable Ghostscript project, you may very well have used it...

WordPress plugin lets users become admins – Patch early, patch often!

Cyber SecurityJuly 3, 2023

by Paul Ducklin If you run a WordPress site with the Ultimate Members plugin installed, make sure you’ve updated it...

S3 Ep140: So you think you know ransomware?

Cyber SecurityJune 22, 2023

by Paul Ducklin LISTEN AND LEARN Gee Whizz BASIC (probably). Think you know ransomware? Megaupload, 11 years on. ASUS warns of...

ASUS warns router customers: Patch now, or block all inbound requests

Cyber SecurityJune 20, 2023

by Paul Ducklin ASUS is a well-known maker of popular electronics products, ranging from laptops and phones to home routers...

MOVEit mayhem 3: “Disable HTTP and HTTPS traffic immediately”

Cyber SecurityJune 15, 2023

by Paul Ducklin Yet more MOVEit mayhem! “Disable HTTP and HTTPS traffic to MOVEit Transfer,” says Progress Software, and the timeframe...

MOVEit zero-day exploit used by data breach gangs: The how, the why, and what to do…

Cyber SecurityJune 5, 2023

by Paul Ducklin Last week, Progress Software Corporation, which sells software and services for user interface development, devops, file management...