Google fixed a critical Remote Code Execution flaw in Android

Google released an Android security update that addressed tens of flaws, including a critical Android remote code execution vulnerability. Google released an Android security update that addresses 43 flaws, including a critical remote code execution vulnerability in the Android System component tracked as CVE-2021-0316. Google addressed the flaws with the release of Security patch levels …

Recently disclosed CVE-2020-29583 Zyxel flaw already under opportunistic attack

Threat actors are attempting to hack Zyxel devices by exploiting the recently disclosed vulnerability CVE-2020-29583, security researchers warn. The Taiwanese vendor Zyxel has recently addressed a critical vulnerability in its firmware, tracked as CVE-2020-29583, related to the presence of a hardcoded undocumented secret account. The vulnerability received a CVSS score of 7.8; it could be exploited …

US-CERT Reports 17,447 Vulnerabilities Recorded in 2020

This marks the fourth year in a row that a record number of vulnerabilities has been discovered, following 17,306 in 2019. The US-CERT Vulnerability Database has confirmed 17,447 vulnerabilities were recorded in 2020, marking the fourth consecutive year with a record number of security flaws published. On Dec. 15, 2020, officials reported 4,168 high-severity vulnerabilities, …

Malicious or Vulnerable Docker Images Widespread, Firm Says

A dynamic analysis of the publicly available images on Docker Hub found that 51% had critical vulnerabilities and about 6,500 of the 4 million latest images could be considered malicious. More than half of the latest images available on Docker Hub have critical vulnerabilities from outdated software, while thousands of images are attack tools or …

2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software

cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication (2FA) protection on an account. The issue, tracked as "SEC-575" and discovered by researchers from Digital Defense, has been remedied by the company in …