Tag: adobe
-
Threat Actors Abuse Trust in Cloud Collaboration Platforms
by
in SecurityNewsThreat actors are exploiting cloud platforms like Adobe and Dropbox to evade email gateways and steal credentials First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/threat-actors-abuse-cloud-platforms/
-
Adobe Patches Critical Deserialization Vulnerability, but Exploits Persist
by
in SecurityNewsThe vulnerability was being exploited in the wild, targeting two versions of Adobe ColdFusion. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/adobe-patches-critical-deserialization-vulnerability-but-exploits-persist
-
Adobe Acrobat Vulnerabilities Enable Remote Code Execution
by
in SecurityNewsA recent disclosure by Cisco Talos’ Vulnerability Discovery & Research team highlighted several vulnerability issues in Adobe Acrobat. All of these vulnerabilities have been addressed by their respective vendors, aligning with Cisco’s third-party vulnerability disclosure policy. For detection of these vulnerabilities, users can utilize the latest Snort rule sets available from Snort.org and refer to…
-
Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts
by
in SecurityNewsCybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 accounts credentials. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-adobe-docusign-oauth-apps-target-microsoft-365-accounts/
-
Miniaudio and Adobe Acrobat Reader vulnerabilities
by
in SecurityNewsCisco Talos’ Vulnerability Discovery & Research team recently disclosed a Miniaudio and three Adobe vulnerabilities. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. For Snort coverage First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/miniaudio-and-adobe-acrobat-reader-vulnerabilities/
-
Patch Tuesday: Critical Code-Execution Bugs in Acrobat and Reader
by
in SecurityNewsAdobe documents 35 security flaws in a wide range of products, including code-execution issues in the Acrobat and Reader applications. The post Patch Tuesday: Critical Code-Execution Bugs in Acrobat and Reader appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/patch-tuesday-critical-code-execution-bugs-in-acrobat-and-reader/
-
Aktive Ausnutzung! – Kritische Sicherheitslücke in Adobe Coldfusion
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/adobe-coldfusion-hotfixes-gegen-cyberangriffe-a-6214544a080b2fca8984780aad794703/
-
Critical deserialization bugs in Adobe, Oracle software actively exploited, warns CISA
by
in SecurityNewsOracle Agile PLM flaw open to N-days: The other vulnerability, fixed in January 2024, is a high severity (CVSS 8.8/10) flaw in the export component of the Oracle’s PLM software, and stems from the improper handling of serialized data. It’s tracked as CVE-2024-20953. Successful exploitation could enable a low-privileged attacker with network access via HTTP…
-
U.S. CISA adds Adobe ColdFusion and Oracle Agile PLM flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM)vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added SonicWall SonicOS and Palo Alto PAN-OS vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The two vulnerabilities are: CVE-2017-3066(CVSS score of 9.8) is a…
-
CISA KEV Catalog Updated with Adobe ColdFusion and Oracle Agile PLM Vulnerabilities
by
in SecurityNewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) catalog by adding two significant security flaws one affecting Adobe ColdFusion and the other impacting Oracle Agile Product Lifecycle Management (PLM). CVE-2017-3066 in… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cisa-kev-catalog-adobe-coldfusion-oracle-vulnerabilities/
-
CISA Warns of Actively Exploited Adobe ColdFusion and Oracle Agile PLM Vulnerabilities
by
in SecurityNewsThe Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog by adding two critical vulnerabilities, both actively being exploited in the wild. These vulnerabilities, related to Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM), have been identified as security risks to federal agencies and organizations worldwide. First seen…
-
Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA
by
in SecurityNewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.The vulnerabilities in question are listed below -CVE-2017-3066 (CVSS score: 9.8) – A deserialization vulnerability impacting First seen on thehackernews.com…
-
Microsoft, McAfee und Adobe: 200.000 Phishing-Mails entdeckt
Sicherheitsforscher von Check Point Software Technologies Ltd. haben eine massive Phishing-Kampagne aufgedeckt, bei der Cyber-Kriminelle auf ausgeklügelte URL-Manipulation setzen. Insgesamt wurden 200.000 betrügerische E-Mails entdeckt, die sich weltweit verbreiten. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/microsoft-mcafee-und-adobe-200-000-phishing-mails-entdeckt
-
Gefahr durch Phishing-Mails, die Microsoft, McAfee und Adobe nachahmen
Die Sicherheitsforscher von Check Point Software Technologies haben 200 000 Phishing-E-Mails entdeckt, die URL-Informationen zur Verschleierung von Phishing-Links missbrauchten. Der Betrug wurde erstmals am 21. Januar 2025 beobachtet und ist nach wie vor im Gange, wobei das tägliche Bedrohungsvolumen abnimmt. Geografisch betrachtet wurden 75 Prozent der E-Mails in den USA verbreitet, 17 Prozent in der…
-
Fake ‘Adobe Drive X’ App Sneaks Through Microsoft Login to Steal Credentials
by
in SecurityNewsCofense’s Phishing Defense Center (PDC) has uncovered a phishing campaign that uses a legitimate Microsoft login page to First seen on securityonline.info Jump to article: securityonline.info/fake-adobe-drive-x-app-sneaks-through-microsoft-login-to-steal-credentials/
-
Adobe-Updates: Commerce und reichlich Software von Schwachstellen betroffen
by
in SecurityNewsAktualisierungen für Adobe-Software schließen teils kritische Lücken. Nutzer von Illustrator, InDesign und Co. sollten zügig handeln. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/adobe-updates-commerce-und-reichlich-software-von-schwachstellen-betroffen-310067.html
-
Adobe-Patchday: Schadcode-Sicherheitslücken gefährden Illustrator & Co.
by
in SecurityNewsAngreifer können an mehreren Sicherheitslücken in Anwendungen von Adobe ansetzen, um Computer zu kompromittieren. First seen on heise.de Jump to article: www.heise.de/news/Adobe-Patchday-Schadcode-Sicherheitsluecken-gefaehrden-Illustrator-Co-10279209.html
-
Adobe Plugs 45 Software Security Holes, Warns of Code Execution Risks
by
in SecurityNewsPatch Tuesday: Adobe patches 45 vulnerabilities across multiple products and warns of remote code execution exploitation risks. The post Adobe Plugs 45 Software Security Holes, Warns of Code Execution Risks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/adobe-plugs-45-software-security-holes-warn-of-code-execution-risks/
-
Adobe Plugs 45 Software Security Holes, Warn of Code Execution Risks
by
in SecurityNewsPatch Tuesday: Adobe patches 45 vulnerabilities across multiple products and warn of remote code execution exploitation risks. The post Adobe Plugs 45 Software Security Holes, Warn of Code Execution Risks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/adobe-plugs-45-software-security-holes-warn-of-code-execution-risks/
-
Adobe-Patchday: Gefährliche Sicherheitslücken in Photoshop & Co. geschlossen
by
in SecurityNewsAngreifer können Adobe-Anwendungen attackieren, um Computer zu kompromittieren. Sicherheitsupdates schaffen Abhilfe. First seen on heise.de Jump to article: www.heise.de/news/Adobe-Patchday-Schadcode-Attacken-auf-Photoshop-Co-moeglich-10243019.html
-
Critical Code Execution Flaws in Photoshop
by
in SecurityNewsPatch Tuesday: Adobe ships patches for more than a dozen security defects in a wide range of software products. The post Adobe: Critical Code Execution Flaws in Photoshop appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/adobe-critical-code-execution-flaws-in-photoshop/
-
Adobe Warns of ColdFusion Vulnerability Allows Attackers Read arbitrary files
by
in SecurityNewsAdobe has issued a critical security update for ColdFusion versions 2023 and 2021 to address a major vulnerability that could lead to an arbitrary file system read. The identified vulnerability, CVE-2024-53961, has a known proof-of-concept exploit, making the updates crucial for users. This release underscores Adobe’s commitment to ensuring the security and integrity of its…
-
Adobe ColdFusion Any File Read Vulnerability (CVE-2024-53961)
by
in SecurityNewsOverview Recently, NSFOCUS CERT detected that Adobe issued a security announcement and fixed any file read vulnerability in Adobe ColdFusion (CVE-2024-53961). Due to improper restrictions on pathnames in Adobe ColdFusion, unauthenticated attackers can bypass the application’s restrictions to read files or directories outside of the restricted directory. As a result, sensitive information may be disclosed…The…
-
MSSP Market Update: Adobe Issues Emergency Security Update
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/mssp-market-update-adobe-issues-emergency-security-update
-
Adobe is aware that ColdFusion bug CVE-2024-53961 has a known PoC exploit code
by
in SecurityNewsAdobe released out-of-band security updates to address a critical ColdFusion vulnerability, experts warn of a PoC exploit code available for it. Adobe released out-of-band security updates to address a critical vulnerability, tracked as CVE-2024-53961 (CVSS score 7.4), in ColdFusion. Experts warn of the availability of a proof-of-concept (PoC) exploit code for this vulnerability. The vulnerability is an…
-
Adobe Patches ColdFusion Flaw at High Risk of Exploitation
by
in SecurityNewsAdobe has released patches for a high-severity ColdFusion vulnerability for which proof-of-concept (PoC) code exists. The post Adobe Patches ColdFusion Flaw at High Risk of Exploitation appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/adobe-patches-coldfusion-flaw-at-high-risk-of-exploitation/
-
FYSA Adobe Cold Fusion Path Traversal Vulnerability
by
in SecurityNewsSummary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized… First seen on securityintelligence.com Jump to article: securityintelligence.com/news/fysa-adobe-cold-fusion-path-traversal-vulnerability/