Category: Vulnerabilities

FBI: APTs Actively Exploiting Fortinet VPN Security Holes

Three security vulnerabilities in the Fortinet SSL VPN are being used to gain a foothold within networks before moving laterally and carrying out recon. UPDATE The FBI and the Cybersecurity and Infrastructure Security Agency are warning that advanced persistent threat (APT) nation-state actors are actively exploiting known security vulnerabilities in the Fortinet FortiOS cybersecurity operating

Read More

Apple Mail Zero-Click Security Vulnerability Allows Email Snooping

The researcher is offering details on CVE-2020-9922, which can be triggered just by sending a target an email with two .ZIP files attached. A zero-click security vulnerability in Apple’s macOS Mail would allow a cyberattacker to add or modify any arbitrary file inside Mail’s sandbox environment, leading to a range of attack types. According to

Read More

Critical Cloud Bug in VMWare Carbon Black Allows Takeover

CVE-2021-21982 affects a platform designed to secure private clouds, and the virtual servers and workloads that they contain. A critical security vulnerability in the VMware Carbon Black Cloud Workload appliance would allow privilege escalation and the ability to take over the administrative rights for the solution. The bug (CVE-2021-21982) ranks 9.1 out of 10 on

Read More

Hackers Exploit Fortinet Flaw in Sophisticated Cring Ransomware Attacks

Industrial enterprises in Europe are target of campaign, which forced a shutdown of industrial processes in at least one of its victims’ networks, according to researchers. Threat actors are exploiting a Fortinet vulnerability flagged by the feds last week that delivers a new ransomware strain, dubbed Cring, that is targeting industrial enterprises across Europe. Researchers

Read More