Tag: cve
-
Windows spoofing flaw exploited in earlier zero-day attacks
by
in SecurityNewsMicrosoft reveals that CVE-2024-43461, which was disclosed in September’s Patch Tuesday, was previously exploited as a zero-day vulnerability in an at… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366610775/Windows-spoofing-flaw-exploited-in-earlier-zero-day-attacks
-
Fortigate SSLVPN Vulnerability Exploited in the Wild
by
in SecurityNewsA critical vulnerability in Fortinet’s FortiGate SSLVPN appliances, CVE-2024-23113, has been actively exploited in the wild. This format string flaw v… First seen on gbhackers.com Jump to article: gbhackers.com/fortigate-sslvpn-vulnerability/
-
87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113)
by
in SecurityNewsLast week, CISA added CVE-2024-23113 a critical vulnerability that allows unauthenticated remote code/command execution on unpatched Fortinet FortiGat… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/15/cve-2024-23113/
-
Oracle Patches Over 200 Vulnerabilities With October 2024 CPU
by
in SecurityNewsOracle has released 334 new security patches to address roughly 220 unique CVEs as part of its October 2024 Critical Patch Update. The post Oracle Pat… First seen on securityweek.com Jump to article: www.securityweek.com/oracle-patches-over-200-vulnerabilities-with-october-2024-cpu/
-
Oracle October 2024 Critical Patch Update Addresses 198 CVEs
by
in SecurityNewsOracle addresses 198 CVEs in its fourth quarterly update of 2024 with 334 patches, including 35 critical updates. Background On October 15, O… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/oracle-october-2024-critical-patch-update-addresses-198-cves/
-
Ransomware operators exploited Veeam Backup Replication flaw CVE-2024-40711 in recent attacks
by
in SecurityNewsSophos reports ransomware operators are exploiting a critical code execution flaw in Veeam Backup & Replication. Sophos researchers warn that rans… First seen on securityaffairs.com Jump to article: securityaffairs.com/169679/cyber-crime/ransomware-groups-exploit-veeam-backup-replication-bug.html
-
iPhone ‘VoiceOver’ Feature Could Read Passwords Aloud
by
in SecurityNewsCVE-2024-44204 is one of two new Apple iOS security vulnerabilities that showcase an unexpected coming together of privacy snafus and accessibility fe… First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/iphone-voiceover-feature-read-passwords-aloud
-
Hackers Exploiting Zero-day Flaw in Qualcomm Chips to Attack Android Users
by
in SecurityNewsHackers exploit a zero-day vulnerability found in Qualcomm chipsets, potentially affecting millions worldwide. The flaw, identified as CVE-2024-43047,… First seen on gbhackers.com Jump to article: gbhackers.com/hackers-exploiting-zero-day-flaw-in-qualcomm-chips/
-
Microsoft Patches 117 CVEs: Focus on Critical and Zero-Day Threats
by
in SecurityNewsMicrosoft has released the October 2024 Patch Tuesday, addressing a total of 117 Common Vulnerabilities and Exposures (CVEs). This month’s Microsoft P… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/microsoft-patch-tuesday-2/
-
Vulnerability Prioritization the Magic 8 Ball
by
in SecurityNewsLast month marks 25 years of operation for the CVE (Common Vulnerabilities and Exposures) program, launched in September 1999. It’s difficult to imagi… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/vulnerability-prioritization-the-magic-8-ball/
-
CISA’s vulnerability management program spotted 250 critical CVEs in 2023
by
in SecurityNewsFirst seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-vulnerability-disclosure-platform/728956/
-
Palo Alto Expedition: From N-Day to Full Compromise
by
in SecurityNewsOn July 10, 2024, Palo Alto released a security advisory for CVE-2024-5910, a vulnerability which allowed attackers to remotely reset the Expedition a… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/palo-alto-expedition-from-n-day-to-full-compromise/
-
Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)
by
in SecurityNewsFor October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/08/cve-2024-43573-cve-2024-43572/
-
Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)
Ivanti has patched three additional Cloud Service Appliance (CSA) zero-day flaws, which have been exploited by attackers in conjuction with a zero-day… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/08/cve-2024-9379-cve-2024-9380-cve-2024-9381/
-
Kritik, Gründe und Folgen der CVE-Schwemme im Kernel
by
in SecurityNewsRund 55 pro Woche veröffentlichte Kernel-CVEs stellen auch die Größen der Linux-Branche vor Probleme und nötigen zu mehr Zusammenarbeit und neuen Werk… First seen on heise.de Jump to article: www.heise.de/news/Linux-Kritik-Gruende-und-Folgen-der-CVE-Schwemme-im-Kernel-9963793.html
-
5 CVEs in Microsoft’s October Update to Patch Immediately
by
in SecurityNewsFirst seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/5-cves-microsofts-october-2024-update-patch-now
-
Open-Source Scanner Released to Detect CUPS Vulnerability
by
in SecurityNewsA new open-source scanner has been released to detect a critical vulnerability in the Common Unix Printing System (CUPS), explicitly targeting CVE-202… First seen on gbhackers.com Jump to article: gbhackers.com/open-source-scanner-released-to-detect-cups-vulnerability/
-
Qualcomm Addresses DSP Vulnerability CVE-2024-43047, Urges Users to Patch Devices
by
in SecurityNewsQualcomm has released the latest security advisory for multiple vulnerabilities. Among them, a Qualcomm vulnerability, designated as CVE-2024-43047, h… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/qualcomm-vulnerability-cve-2024-43047/
-
19.6K+ Public Zimbra Installations Vulnerable to Code Execution Attacks CVE-2024-45519
by
in SecurityNewsA critical vulnerability in Zimbra’s postjournal service, identified as CVE-2024-45519, has left over 19,600 public Zimbra installations exposed to re… First seen on gbhackers.com Jump to article: gbhackers.com/zimbra-installations-code-execution-attack/
-
Novel Exploit Chain Enables Windows UAC Bypass
Adversaries can exploit CVE-2024-6769 to jump from regular to admin access without triggering UAC, but Microsoft says it’s not really a vulnerability…. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/exploit-chain-windows-uac-bypass
-
CVE-2024-45519 – Sicherheitslücke in Zimbra wird aktiv ausgenutzt
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/cyberangriffe-zimbra-sicherheitsluecke-gefaelschte-gmail-adressen-a-edd309795e6574d3fa23fd1ed4d84c16/
-
Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)
by
in SecurityNewsCVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cyber… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/03/cve-2024-29824/
-
Thousands of Adobe Commerce e-stores hacked by exploiting the CosmicSting bug
by
in SecurityNewsOver 4,000 unpatched Adobe Commerce and Magento stores have been compromised by exploiting critical vulnerability CVE-2024-34102. Sansec researchers r… First seen on securityaffairs.com Jump to article: securityaffairs.com/169316/cyber-crime/4000-unpatched-adobe-commerce-and-magento-stores-hacked.html
-
Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now!
by
in SecurityNewsThreat actors attempt to exploit recently disclosed vulnerability CVE-2024-45519 in Synacor’s Zimbra Collaboration. Proofpoint cybersecurity researche… First seen on securityaffairs.com Jump to article: securityaffairs.com/169239/hacking/zimbra-postjournal-flaw-cve-2024-45519-exploited.html
-
A quartet of Linux CVEs draws exploit fears among open source community
by
in SecurityNewsFirst seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/linux-cves-open-source/728310/
-
Remote Code Execution Vulnerability Alert of Unix CUPS Print Service (CVE-2024-47076 / CVE-2024-47175 / CVE-2024-47177)
by
in SecurityNewsOverview Recently, NSFOCUS CERT monitored the disclosure of the details of remote code execution vulnerabilities for Unix CUPS printing service on the… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/remote-code-execution-vulnerability-alert-of-unix-cups-print-service-cve-2024-47076-cve-2024-47175-cve-2024-47177/
-
Sophisticated Cyber Espionage: Earth Baxia Uses CVE-2024-36401 and Cobalt Strike to Infiltrate APAC
by
in SecurityNewsIn a recent report from Trend Micro, the cyber espionage group Earth Baxia has been identified targeting government organizations in Taiwan and potent… First seen on securityonline.info Jump to article: securityonline.info/sophisticated-cyber-espionage-earth-baxia-uses-cve-2024-36401-and-cobalt-strike-to-infiltrate-apac/
-
CVE-2024-43491 Windows 10 Security Vulnerability September 2024
by
in SecurityNewsCritical vulnerability (CVE-2024-43491) in the Microsoft Windows Update process allows attackers to bypass previous security patches, exposing systems… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/cve-2024-43491-windows-10-security-vulnerability-september-2024/
-
CISA catalog falls short on CVEs targeted by Flax Typhoon
by
in SecurityNewsFirst seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/vulnerabilities-flax-typhoon-botnet/727886/
-
CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities
by
in SecurityNewsFrequently asked questions about multiple vulnerabilities in the Common UNIX Printing System (CUPS) that were disclosed as zero-days on September 26. … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/cve-2024-47076-cve-2024-47175-cve-2024-47176-cve-2024-47177-frequently-asked-questions-about-common-unix-printing-system-cups-vulnerabilities/