A number of security vulnerabilities have been disclosed in 42 Gears' SureMDM device management solution that could be weaponized by attackers to perform a supply chain compromise against affected organizations.
There are three things you can be sure of in life: death, taxes – and new CVEs. For organizations that rely on CentOS 8, the inevitable has now happened, and it didn't take long.
Researchers have disclosed details of two critical security vulnerabilities (CVE-2021-45467) in Control Web Panel, an open-source Linux control panel software used for deploying web hosting environments, that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution (RCE) on affected servers.
A heap overflow bug was recently discovered in the Linux kernel. The patch is available now in most major Linux distributions.
The Wiz research team has discovered a security issue in Azure App Service on Linux. This exposed the source code of client applications written in PHP, Python, Ruby or Node, which were deployed using “Local Git”.
Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter.
A basic Javascript WebSocket connection can trigger a local Log4j remote code attack via a drive-by compromise. Wonderful. Truly wonderful.
