Tag: adobe
-
CISA-Warnungen: Schwachstellen in Windows Kernel, Cleo etc.
by
in SecurityNewsDie US-Cybersicherheitsbehörde CISA hat ihren Schwachstellenkatalog um weitere Einträge ergänzt. So wird vor der Adobe ColdFusion Schwachstelle CVE-2024-20767 , der Windows Kernel-Schwachstelle CVE-2024-35250, oder vor Schwachstellen in der Cleo-Software gewarnt. Die Schwachstellen werden bekanntermaßen ausgenutzt. Mir ist die Warnung kürzlich … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/12/20/cisa-warn-vor-windows-kernel-schwachstellen-cve-2024-20767-cve-2024-35250/
-
Acrobat outbounds and Foxit usefree PDF reader vulnerabilities found
by
in SecurityNewsCisco Talos’ Vulnerability Research team recently disclosed three out-of-bounds read vulnerabilities in Adobe Acrobat Reader, and two use-after-free vulnerabilities in Foxit Reader. These vulnerabilities exist in Adobe Acrobat Reader and Foxit Reader, two of the most popular and feature-rich PDF readers on the market. The vulnerabilities First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/acrobat-out-of-bounds-and-foxit-use-after-free-pdf-reader-vulnerabilities-found/
-
CISA Warns of Exploited Adobe ColdFusion, Windows Vulnerabilities
by
in SecurityNewsCISA has warned organizations that two vulnerabilities affecting Adobe ColdFusion and Windows have been exploited in the wild. The post CISA Warns of Exploited Adobe ColdFusion, Windows Vulnerabilities appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisa-warns-of-exploited-adobe-coldfusion-windows-vulnerabilities/
-
U.S. CISA adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: access, adobe, cisa, control, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference (CVE-2024-35250) and Adobe ColdFusion Improper Access Control (CVE-2024-20767) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The…
-
CISA Warns of Adobe Windows Kernel Driver Vulnerabilities Exploited in Attacks
by
in SecurityNews
Tags: access, adobe, attack, cisa, control, cve, cyber, cybersecurity, exploit, infrastructure, kev, malicious, risk, vulnerability, windowsThe Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert, adding two significant vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, actively exploited by malicious actors, underscore the growing risks facing organizations. Adobe ColdFusion Access Control Weakness (CVE-2024-20767) One of the newly added vulnerabilities, CVE-2024-20767, affects Adobe ColdFusion due to improper access…
-
CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign
by
in SecurityNews
Tags: access, adobe, cisa, control, cve, cybersecurity, exploit, flaw, infrastructure, kev, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The list of flaws is below -CVE-2024-20767 (CVSS score: 7.4) – Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or…
-
Microsoft closes 2024 with extensive security update
by
in SecurityNewsAdobe, too. First seen on cyberscoop.com Jump to article: cyberscoop.com/microsoft-patch-tuesday-december-2024/
-
Adobe Patches Over 160 Vulnerabilities Across 16 Products
by
in SecurityNewsAdobe has patched over 160 vulnerabilities across over a dozen products, including Reader, Illustrator, Photoshop and Connect. The post Adobe Patches Over 160 Vulnerabilities Across 16 Products appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/adobe-patches-over-160-vulnerabilities-across-16-products/
-
SAP fixed critical SSRF flaw in NetWeaver’s Adobe Document Services
by
in SecurityNewsSAP has issued patches for 16 vulnerabilities, including a critical SSRF flaw in NetWeaver’s Adobe Document Services. SAP addressed 16 vulnerabilities as part of its December 2024 Security Patch Day. The company released nine new and four updated security notes. The most severe of these vulnerabilities is a critical issue, tracked as CVE-2024-47578 (CVSS score…
-
Critical SAP Vulnerabilities Let Attackers Upload Malicious PDF Files
by
in SecurityNewsSAP has issued Security Note 3536965 to address multiple high-severity vulnerabilities in the Adobe Document Services of SAP NetWeaver AS for JAVA. These vulnerabilities, identified as CVE-2024-47578, CVE-2024-47579, and CVE-2024-47580, allow attackers to manipulate or upload malicious PDF files, potentially compromising internal systems and exposing sensitive data. Details of the Vulnerabilities CVE-2024-47578: Server-Side Request Forgery (SSRF) This flaw allows attackers with administrative privileges to send specially crafted…
-
Patchday Adobe: Schadcode-Attacken auf After Effects & Co. möglich
by
in SecurityNewsVerschiedene Anwendungen von Adobe sind verwundbar. Sicherheitsupdates schließen mehrere Lücken. First seen on heise.de Jump to article: www.heise.de/news/Patchday-Adobe-Schadcode-Attacken-auf-After-Effects-Co-moeglich-10029714.html
-
Patch Tuesday: Critical Flaws in Adobe Commerce, Photoshop, InDesign, Illustrator
by
in SecurityNewsAdobe patches critical-severity bugs in multiple products, including the Adobe Commerce and Magento Open Source platforms. The post Patch Tuesday: Critical Flaws in Adobe Commerce, Photoshop, InDesign, Illustrator appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/patch-tuesday-critical-flaws-in-adobe-commerce-photoshop-indesign-illustrator/
-
Infostealer SYS01 – Malvertising-Kampagne zielt auf Facebook, Office 365 und Adobe
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/-malware-sys01-bedroht-nutzerkonten-malvertising-kampagne-a-fc49b3a71bf60ce9b54c463aa49ac482/
-
Adobe-Patchday: Neun Produkte mit Sicherheitslücken
by
in SecurityNews
Tags: adobeFirst seen on heise.de Jump to article: www.heise.de/news/Adobe-Patchday-Neun-Produkte-mit-Sicherheitsluecken-9974474.html
-
Unlocking Proactive Compliance with Adobe’s Common Controls Framework
by
in SecurityNewsTechSpective Podcast Episode 141 I had the pleasure of speaking with Devansh Sharma, Senior Security and Compliance Product Owner at Adobe, about a ga… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/unlocking-proactive-compliance-with-adobes-common-controls-framework/
-
Adobe Security Alert: Update Software Now to Protect Against Exploits
by
in SecurityNewsAdobe announced a series of important security updates aimed at addressing several vulnerabilities across its product suite. These vulnerabilities cou… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/adobe-security-update/
-
Alert: Adobe Commerce and Magento Stores Under Attack from CosmicSting Exploit
by
in SecurityNewsCybersecurity researchers have disclosed that 5% of all Adobe Commerce and Magento stores have been hacked by malicious actors by exploiting a securit… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/alert-adobe-commerce-and-magento-stores.html
-
CosmicSting-Attacke auf Adobe Commerce – Tausende Online-Shops mit Adobe Commerce gehackt
by
in SecurityNews
Tags: adobeFirst seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsluecke-adobe-commerce-cosmicsting-angriffe-a-9abddaace30c0bb9430f24ef256467b8/
-
Thousands of Adobe Commerce e-stores hacked by exploiting the CosmicSting bug
by
in SecurityNewsOver 4,000 unpatched Adobe Commerce and Magento stores have been compromised by exploiting critical vulnerability CVE-2024-34102. Sansec researchers r… First seen on securityaffairs.com Jump to article: securityaffairs.com/169316/cyber-crime/4000-unpatched-adobe-commerce-and-magento-stores-hacked.html
-
CosmicSting Attacks Hit Adobe Commerce, Magento Stores
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/cosmicsting-attacks-hit-adobe-commerce-magento-stores
-
Widespread CosmicSting attacks hit Adobe Commerce, Magento stores
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/widespread-cosmicsting-attacks-hit-adobe-commerce-magento-stores
-
Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks
by
in SecurityNewsFirst seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-4-000-adobe-commerce-magento-shops-hacked-in-cosmicsting-attacks/
-
Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing
by
in SecurityNewsFirst seen on theregister.com Jump to article: www.theregister.com/2024/09/12/adobe_acrobat_0day/
-
Mass Retail Hacks Affect Adobe Commerce and Magento Stores
by
in SecurityNews4,387 Online Merchants Compromised, Including Cisco and National Geographic Stores. Thousands of online stores running Adobe Commerce and Magento soft… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/mass-retail-hacks-affect-adobe-commerce-magento-stores-a-26449
-
Adobe-Patchday: Kritische Lücken in mehreren Produkten
by
in SecurityNews
Tags: adobeFirst seen on heise.de Jump to article: www.heise.de/news/Adobe-Patchday-Kritische-Luecken-in-mehreren-Produkten-9864254.html
-
Windows MSHTML Zero-Day Vulnerability Exploited In The Wild
by
in SecurityNewsAdobe released eight security updates in September 2024, addressing 28 vulnerabilities in various products, as ColdFusion received a critical patch to… First seen on gbhackers.com Jump to article: gbhackers.com/windows-mshtml-zero-day-exploit/
-
In Other News: Possible Adobe Reader Zero-Day, Hijacking Mobi TLD, WhatsApp View Once Exploit
by
in SecurityNewsNoteworthy stories that might have slipped under the radar: a possible Adobe Reader zero-day, researchers mistakenly hijack .mobi TLD, and an exploite… First seen on securityweek.com Jump to article: www.securityweek.com/in-other-news-possible-adobe-reader-zero-day-hijacking-mobi-tld-whatsapp-view-once-exploit/
-
Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869)
by
in SecurityNewsAmong the security updates released by Adobe on Tuesday are those for various versions of Adobe Acrobat and Reader, which fix two critical flaws that … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/12/cve-2024-41869/
-
Adobe Patch Tuesday security updates fixed multiple critical issues in the company’s products
by
in SecurityNewsAdobe addressed tens of vulnerabilities, including critical issues that could allow attackers to execute arbitrary code on Windows and macOS. Adobe Pa… First seen on securityaffairs.com Jump to article: securityaffairs.com/168313/security/adobe-patch-tuesday-sept-2024.html
-
Adobe fixes Acrobat Reader zero-day with public PoC exploit
by
in SecurityNewsA cybersecurity researcher is urging users to upgrade Adobe Acrobat Reader after a fix was released yesterday for a remote code execution zero-day wit… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/adobe-fixes-acrobat-reader-zero-day-with-public-poc-exploit/