Vulnerabilities Archives - Page 2 of 12 - ThreatsHub Cybersecurity News

Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706

July 13, 2022 TH Author Cybersecurity, macOS, Microsoft security intelligence, Vulnerabilities

Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared these findings with Apple, and fix for this vulnerability, now identified as CVE-2022-26706, was included in the security updates on May 16, 2022.
The post Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706 appeared first on Microsoft Security Blog. READ MORE HERE…

Networkworld

Cisco reports vulnerabilities in products including email and web manager

June 23, 2022 TH Author email security, IT Management, Security, Vulnerabilities

New vulnerabilities found in Cisco internal testing allow remote access and scripting that could lead to the loss of sensitive user data. READ MORE HERE…

Microsoft Secure

Android apps with millions of downloads exposed to high-severity vulnerabilities

May 27, 2022 TH Author Android, Cybersecurity, Microsoft, Microsoft security intelligence, Mobile, Security, Vulnerability

Microsoft uncovered high-severity vulnerabilities in a mobile framework used by multiple large mobile service providers in pre-installed Android System apps that potentially exposed users to remote or local attacks.
The post Android apps with millions of downloads exposed to high-severity vulnerabilities appeared first on Microsoft Security Blog. READ MORE HERE…

Networkworld

Microsoft security vulnerabilities drop after five-year rise

May 25, 2022 TH Author Microsoft, Vulnerabilities

While elevated privilege attacks remain a critical security concern when using Microsoft products, a new report says that the raw number of vulnerabilities is dropping. READ MORE HERE…

Networkworld

CISA issues emergency warning over two new VMware vulnerabilities

May 19, 2022 TH Author Network Security, Vulnerabilities

The U.S. Cybersecurity and Infrastructure Agency issues emergency security directive over VMware vulnerabilities CVE-2022-22972 and CVE-2022-22973, which threat actors are likely to exploit. READ MORE HERE…

Networkworld

TLS implementation flaws open Aruba and Avaya network switches to RCE attacks

May 3, 2022 TH Author Network Security, Vulnerabilities

The network switch vulnerabilities are considered critical and could allow attackers to break network segmentation, exfiltrate data, and escape captive portals. READ MORE HERE…

Microsoft Secure

Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn

April 26, 2022 TH Author Cybersecurity, Linux, Microsoft, Microsoft Defender for Endpoint, Microsoft security intelligence, Security, Vulnerabilities

Microsoft has discovered several vulnerabilities, collectively referred to as Nimbuspwn, that could be chained together, allowing an attacker to elevate privileges to root on many Linux desktop endpoints. Leveraging Nimbuspwn as a vector for root access could allow attackers to achieve greater impact on vulnerable devices by deploying payloads and performing other malicious actions via arbitrary root code execution.
The post Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn appeared first on Microsoft Security Blog. READ MORE HERE…

Microsoft Secure

SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965

April 5, 2022 TH Author Cybersecurity, Microsoft security intelligence, Spring Framework, SpringShell, Vulnerabilities

Microsoft provides guidance for customers looking for protection against exploitation and ways to detect vulnerable installations on their network of the critical vulnerability CVE-2022-22965, also known as SpringShell or Spring4Shell.
The post SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965 appeared first on Microsoft Security Blog. READ MORE HERE…

Networkworld

CISA warns of attacks against internet-connected UPS devices

March 30, 2022 TH Author Internet of Things, Vulnerabilities

Threat actors have targeted power supplies whose control interfaces are connected to the internet, and CISA says that they should be disconnected immediately. READ MORE HERE…

Networkworld

New attack bypasses hardware defenses for Spectre flaw in Intel and ARM CPUs

March 8, 2022 TH Author Vulnerabilities

Though not as easy to exploit, this proof of concept shows that some Intel and ARM processors are still vulnerable to side-channel attacks. READ MORE HERE…