Researchers at firmware security company Binarly have identified nearly two dozen vulnerabilities in UEFI firmware code used by the world’s largest device makers.
Critical Flaw Impacts WordPress Plugin With 1 Million Installations
Over one million WordPress websites might have been impacted by a critical vulnerability in the Essential Addons for Elementor plugin.
Essential Addons for Elementor provides WordPress site admins with more than 80 elements and extensions to help them easily design WordPress pages and posts.
CISA Adds Recent iOS, SonicWall Vulnerabilities to ‘Must Patch’ List
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week announced the addition of eight more vulnerabilities to the list of security flaws known to be exploited in malicious attacks.
North Korean Hackers Abuse Windows Update Client in Attacks on Defense Industry
The North Korean threat group Lazarus was observed abusing the Windows Update client for the execution of malicious code during a campaign this month, Malwarebytes reports.
SureMDM Vulnerabilities Exposed Companies to Supply Chain Attacks
A series of vulnerabilities in 42Gears’ SureMDM device management products could have resulted in a supply chain compromise against any organization using the platform.
CISA’s ‘Must Patch’ List Puts Spotlight on Vulnerability Management Processes
The U.S. Cybersecurity and Infrastructure Security Agency’s catalog of known exploited vulnerabilities can be useful not only for helping organizations patch high-risk vulnerabilities in their systems, but also for helping them build or improve vulnerability management processes.
Vulnerabilities in Swiss E-Voting System Earn Researchers Big Bounties
Zerodium Offering $400,000 for Microsoft Outlook Zero-Day Exploits
The exploit acquisition firm Zerodium this week showed increased interest in buying zero-day exploits targeting the popular email clients Microsoft Outlook and Mozilla Thunderbird.
Xerox Quietly Patched Device-Bricking Flaw Affecting Some Printers
Xerox patched a device-bricking vulnerability in certain printer models more than a year and a half ago, but said nothing until this week, when information on the bug became public.
Outlook Security Feature Bypass Allowed Sending Malicious Links
A Trustwave researcher has discovered a new technique to completely bypass a security feature of Microsoft Outlook and deliver a malicious link to the recipient.
The new technique, Trustwave SpiderLabs lead threat architect Reegun Richard Jayapaul explains, is a variation of a vulnerability that was initially addressed in February 2020.