ALERT — New 21Nails Exim Bugs Expose Millions of Email Servers to Hacking

ALERT — New 21Nails Exim Bugs Expose Millions of Email Servers to Hacking

The maintainers of Exim have released patches to remediate as many as 21 security vulnerabilities in its software that could enable unauthenticated attackers to achieve complete remote code execution and gain root privileges. Collectively named ’21Nails,’ the flaws include 11 vulnerabilities that require local access to the server and 10 other weaknesses that could be…

Hundreds of Millions of Dell Computers Potentially …

Hundreds of Millions of Dell Computers Potentially …

Hardware maker has issued an update to fix multiple critical privilege escalation vulnerabilities that have gone undetected since 2009. Hundreds of millions of Dell laptops, notebooks, and tablets are at risk of compromise from a set of five high-severity flaws that have been undetected since at least 2009. The flaws allow an attacker who already has…

ALERT — New 21Nails Exim Bugs Expose Millions of Email Servers to Hacking

ALERT — New 21Nails Exim Bugs Expose Millions of Email Servers to Hacking

The maintainers of Exim have released patches to remediate as many as 21 security vulnerabilities in its software that could enable unauthenticated attackers to achieve complete remote code execution and gain root privileges. Collectively named ’21Nails,’ the flaws include 11 vulnerabilities that require local access to the server and 10 other weaknesses that could be…

Vulnerability Management: Essential Components

Vulnerability Management: Essential Components

Fraud Management & Cybercrime , Fraud Risk Management , Governance & Risk Management Steve Yurich, CISO of Penn National Insurance, on the Need for Frequent Scanning Suparna Goswami (gsuparna) • May 3, 2021     Steve Yurich, CISO at Penn National Insurance Effective vulnerability management requires more frequent scanning of infrastructure, says Steve…

PoC exploit released for Microsoft Exchange bug dicovered by NSA

PoC exploit released for Microsoft Exchange bug dicovered by NSA

Technical documentation and proof-of-concept exploit (PoC) code is available for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines. The flaw is for one of the four that the National Security Agency (NSA) reported to Microsoft and received a fix in April. Despite being the least severe…

War with China a ‘high likelihood’: top ADF soldier

War with China a ‘high likelihood’: top ADF soldier

In the past week the Australian government’s language on China has hardened. Defence Minister Peter Dutton has said a war over Taiwan could not be discounted, that Australia was “already under attack” in the cyber domain and that he wants to have a “more frank discussion with the public” about China’s intentions. Mr Dutton said…

Critical Patch Out for Month-Old Pulse Secure VPN 0-Day Under Attack

Critical Patch Out for Month-Old Pulse Secure VPN 0-Day Under Attack

Critical Patch Out for Month-Old Pulse Secure VPN 0-Day Under Attack | IT Security News 4. May 2021 Ivanti, the company behind Pulse Secure VPN appliances, has released a security patch to remediate a critical security vulnerability that was found being actively exploited in the wild by at least two different threat actors.Tracked as CVE-2021-22893 (CVSS score…

DOD expands bug bounty program to public networks, systems — FCW

DOD expands bug bounty program to public networks, systems — FCW

Defense DOD expands bug bounty program to public networks, systems By Lauren C. Williams May 04, 2021   White hat hackers will get even more opportunities to poke around the Defense Department for vulnerabilities now that it has expanded its bug bounty program to include all of its publicly available information systems. The…