Developers have been increasingly targeted by attackers. Compromising a single developer enables attackers to embed malicious code into a company's products. If that product is then used by other companies, the malware can spread to their systems in a supply chain attack.
A zero-day remote code execution vulnerability in Microsoft Office has come to light, and is considered very serious due to potential for code execution if a victim opens a malicious document in Word.
Microsoft 365 Defender researcher team discovered a privilege escalation vulnerability dubbed Nimbuspwn allowing an attacker to gain root privileges and deploy malicious payloads.
Qualys researchers said the 12-year-old memory corruption local privilege escalation vulnerability on polkit's Set User ID program pkexec is easily exploitable by novice attackers and affects every major Linux distribution.
A 19-year-old "security specialist" has found a vulnerability in third party software used by certain Tesla vehicles, which allows the remote control of certain functions such as the engine and the security system.
Legal action may be forthcoming for organizations that do not patch Log4j. The FTC has issued an alert that references the Equifax breach (which ended in a settlement of $700 million) as a precedent.
The best way to deal with a vulnerability is doing what you can to prevent them from happening in the first place. Oftentimes, cyber risk can be managed even through simple and basic security hygiene practices.
There are significant gaps in virtual appliance security, and many products are distributed with known, exploitable, and fixable vulnerabilities and on outdated or unsupported operating systems.
Since patching is problematic and traditional perimeter security is ineffective for Ripple20 vulnerabilities, Zero Trust security may be the right answer.
Proposed bill requires American tech companies to put encryption backdoors in their products for law enforcement access which can be potentially exploited by hackers.