A new zero-day vulnerability – this time targeting all Chromium-based browsers – has emerged recently, with Google issuing an emergency update to affected users. CVE-2022-1096 was acknowledged by Google on March 25th, but the company did not provide extensive details about the vulnerability. Here’s everything you need to know. What is the CVE-2022-1096 vulnerability? After… Continue reading How to fix CVE-2022-1096
Another month, another set of CVEs to address. In the past few weeks, one in particular grabbed our attention – CVE-2022-0633, targeting WordPress. This vulnerability can pose significant issues to the affected organizations, and should be fixed as soon as possible, if it hasn’t been already. Here’s everything you need to know. What is the… Continue reading How to fix CVE-2022-0633
We’re just a few weeks into 2022, and we already have a new critical vulnerability to face. On the first Patch Tuesday of the year, Microsoft released the CVE-2022-21907 security update. Without much explanation from the vendor (“HTTP Protocol Stack Remote Code Execution Vulnerability”), the vulnerability was scored with a 9.8 critical CVSS score and… Continue reading CVE-2022-21907 – what you need to know
Vulcan Cyber is on a mission to help businesses own and mitigate risk. That’s why we do our own research on the most searched CVEs to make sure our community is up to date with the industry’s latest concerns. SEO tool Ahrefs has shown us that in the last few weeks, CVE-2017-14491 and CVE-2019-0708, two… Continue reading CVE-2017-14491 and CVE-2019-0708: a blast from the past
What is the SIGRed Vulnerability (CVE-2020-1350)? SIGRed (CVE-2020-1350) is a critical, wormable RCE (remote code execution) vulnerability in the Windows DNS Server, that can be triggered by an attacker with malicious DNS response. It received a CVSS base score of 10, and according to the Check Point researchers who found this 17-year-old flaw, the likelihood of exploitation is high.
The Apache HTTP server is one of the most common HTTP server frameworks on the internet. Yesterday (October 5th 2021), Apache released a security patch that fixes a critical vulnerability in their project – CVE-2021-41773. This vulnerability was disclosed by Ash Daulton and the CPanel security team on September 29 – not long after Apache… Continue reading CVE-2021-41773: What it is and how to fix it
There’s a saying: “Everything old is new again.” That may be fine when it comes to fashion and nostalgic movies, but when it comes to “vintage” vulnerabilities, the situation can quickly become dangerous. When a vulnerability like CVE-2013-0229 or CVE-2012-5958 goes unremediated for an extended period of time, sometimes it can be forgotten entirely, or… Continue reading How to fix the returning CVE-2013-0229 & CVE-2012-5958
Last week, news broke that Blackberry had withheld information from its users about a serious security flaw – for months. In vulnerability disclosure terms, that’s big news. What is CVE-2021-22156? CVE-2021-22156 (known as BadAlloc) is a collection of integer overflow vulnerabilities affecting multiple real-time operating systems and supporting libraries. According to CISA, “exploitation of this… Continue reading Vulnerability disclosure is not a choice. It’s a responsibility.
At Vulcan Cyber, we keep ourselves front and center in the conversation on security, in part through Vulcan Remedy Cloud, the world’s largest free and curated database of reliable vulnerability solutions. To keep our finger on the pulse of security, we track in-demand and trending vulnerabilities. In July, CVE-2021-34527, the Windows Print Spooler Remote Code… Continue reading Fixing CVE-2021-34527, the Windows Print Spooler RCE Vulnerability
At Vulcan Cyber, we keep our finger on the pulse of the cyber security field and a big part of that is getting a real-time understanding of which vulnerabilities are considered most crucial for the industry at any given time. Based on Q1 2021 visitor statistics for Vulcan Remedy Cloud, SolarWinds Orion API and Windows… Continue reading SolarWinds Orion API & Windows DNS are the most visited vulnerabilities on Remedy Cloud