-
Honda’s Power Equipment eCommerce Platform Compromised Through Vulnerable API
In a significant revelation, Honda’s power equipment, marine, and lawn & garden dealer eCommerce platform has been compromised due to a vulnerable password reset API. The hacker managed to access all data on the platform, including customer orders, dealer websites, dealer users/accounts, dealer emails, and customer emails. The hacker also potentially gained access to the…
-
Cisco Releases Security Updates for Critical Vulnerabilities in Expressway Series and TelePresence VCS
Cisco has released critical software updates to address multiple vulnerabilities discovered in the Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS). According to the advisory published by Cisco on June 7, 2023, these vulnerabilities could allow an authenticated attacker with Administrator-level read-only credentials to escalate their privileges to Administrator with read-write credentials on…
-
Three Severe Vulnerabilities in VMware’s Aria Operations for Networks
If you’re using VMware’s Aria Operations for Networks, you need to be aware of three critical vulnerabilities that have been recently discovered. These vulnerabilities, if exploited, can lead to remote code execution and information disclosure, posing a significant risk to your network’s security. Let’s break down each of these vulnerabilities and understand what steps you…
-
Google Patches Actively Exploited Chrome Flaw
Google issued security updates on Monday to address a high-severity vulnerability in its Chrome web browser that is currently being exploited in the wild. Identified as CVE-2023-3079, the flaw has been characterized as a type confusion bug in the V8 JavaScript engine. The bug was reported by Clement Lecigne from Google’s Threat Analysis Group…
-
Password Manager KeePass Patches Vulnerability in Recent Update
Over the weekend, KeePass, an open-source password manager, patched a vulnerability allowing potential attackers to extract the cleartext master password from a memory dump. This critical update came several weeks ahead of schedule, according to an official statement from KeePass. The flaw, tracked as CVE-2023-32784, impacted KeePass 2.x versions. It was connected to a custom-developed…
-
Gigabyte Rolls Out BIOS Updates to Remove Backdoor from Motherboards
Gigabyte, the Taiwanese computer components manufacturer, has released BIOS updates for a number of its motherboards to remove a backdoor that could have been used to gain unauthorized access to the devices. The backdoor was discovered by security researchers at Eclypsium, who found that it was present in the firmware of Gigabyte motherboards dating back…
-
Apple Releases Urgent Patches to Address Newly Discovered Zero-Day Vulnerabilities
May 18, 2023 – Apple has released iOS 16.5 and iPadOS 16.5, introducing several important security improvements and addressing vulnerabilities that could potentially compromise user data and device integrity. The update is available for iPhone 8 and later models, iPad Pro (all models), iPad Air 3rd generation and later, iPad 5th generation and later, as…
-
Brightly Software Security Breach Exposes Personal Data of Nearly 3 Million Users
Brightly Software, an education technology company, announced today that an unauthorized third party accessed account information for nearly 3 million of its SchoolDude application users in a data breach discovered on April 28. According to a statement by the Cary, N.C.-based company, an investigation found that user data such as names, email addresses, phone numbers,…









