Unpatched
-
Blog
Old ServiceNow vulnerabilities could cause havoc for unpatched customers
Hackers are having another go at exploiting ServiceNow vulnerabilities first revealed a year ago, researchers at threat intelligence firm GreyNoise have warned. The three vulnerabilities – CVE-2024-4879 (Critical), CVE-2024-5217 (Critical) and CVE-2024-5178 (Medium) – were first discovered by researchers at Assetnote in May last year. ServiceNow deployed a patch immediately at the time, and later disclosed the issues in July…
Read More » -
Blog
Unpatched Edimax IP camera flaw actively exploited in botnet attacks
A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices. The flaw was discovered by Akamai researchers, who confirmed to BleepingComputer that the flaw is exploited in attacks that are still ongoing. Akamai researcher Kyle Lefton told BleepingComputer that they will provide more technical details about the flaw and…
Read More » -
Blog
Exploits for unpatched Parallels Desktop flaw give root on Macs
Two different exploits for an unpatched Parallels Desktop privilege elevation vulnerability have been publicly disclosed, allowing users to gain root access on impacted Mac devices. Parallels Desktop is a virtualization software that allows Mac users to run Windows, Linux, and other operating systems alongside macOS. It is very popular among developers, businesses, and casual users who need Windows applications on…
Read More » -
Blog
Chinese hackers breach more US telecoms via unpatched Cisco routers
China’s Salt Typhoon hackers are still actively targeting telecoms worldwide and have breached more U.S. telecommunications providers via unpatched Cisco IOS XE network devices. Recorded Future’s Insikt Group threat research division states that the Chinese hacking group (tracked Salt Typhoon and RedMike) has exploited the CVE-2023-20198 privilege escalation and CVE-2023-20273 Web UI command injection vulnerabilities. These ongoing attacks have already…
Read More » -
Blog
Unpatched critical flaws impact Fancy Product Designer WordPress plugin
Premium WordPress plugin Fancy Product Designer from Radykal is vulnerable to two critical severity flaws that remain unfixed in the current latest version. With more than 20,000 sales, the plugin allows customization of product designs (e.g. clothing, mugs, phone cases) on WooCommerce sites by changing colors, transforming text, or modifying the size. While examining the plugin, Patchstack’s Rafie Muhammad discovered…
Read More » -
Blog
Russia is targeting unpatched vulnerabilities – what can tech leaders do to shore up defenses?
Amid the war in Ukraine and escalating global geopolitical tensions, the threat from Russian cyber adversaries has never been greater. So much so that the UK’s National Cyber Security Centre (NCSC) has issued a warning to firms to buckle up for online attacks by Russia’s Foreign Intelligence Service (SVR). According to a joint advisory of US security agencies, the nation…
Read More » -
Blog
Unpatched Mazda Connect bugs let hackers install persistent malware
Attackers could exploit several vulnerabilities in the Mazda Connect infotainment unit, present in multiple car models including Mazda 3 (2014-2021), to execute arbitrary code with root permission. The security issues remain unpatched and some of them are command injection flaws that could be leveraged to obtain unrestricted access to vehicle networks, potentially impacting the car’s operation and safety. Vulnerability details…
Read More »