Tag: cve
-
How to manage the rising tide of CVEs
by
in SecurityNews
Tags: cveFirst seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cyber-security-vulnerability-management-CVE/726710/
-
Kritische Schwachstelle CVE-2024-40766 – CVSS 9.3 Firewalls von Sonicwall in Gefahr
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/sonicwall-firewalls-angriffe-schutzmassnahmen-cve-2024-40766-a-fb6be1e1993f9f52f8ca402442ac8faf/
-
Ivanti Cloud Service Appliance flaw is being actively exploited in the wild
Ivanti warned that recently patched flaw CVE-2024-8190 in Cloud Service Appliance (CSA) is being actively exploited in the wild. Ivanti warned that a … First seen on securityaffairs.com Jump to article: securityaffairs.com/168388/hacking/ivanti-csa-cve-2024-8190.html
-
CVE-2024-8190: Investigating CISA KEV Ivanti Cloud Service Appliance Command Injection Vulnerability
by
in SecurityNewsOn September 10, 2024, Ivanti released a security advisory for a command injection vulnerability for it’s Cloud Service Appliance (CSA) product. Initi… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/cve-2024-8190-investigating-cisa-kev-ivanti-cloud-service-appliance-command-injection-vulnerability/
-
Ivanti CSA Vulnerability Exploited in Attacks Days After DIsclosure
by
in SecurityNewsThe Ivanti Cloud Service Appliance vulnerability CVE-2024-8190 has been exploited in the wild, with attacks starting just days after disclosure. The p… First seen on securityweek.com Jump to article: www.securityweek.com/ivanti-csa-vulnerability-exploited-in-attacks-days-after-disclosure/
-
SonicWall firewall CVE exploits linked to ransomware attacks
by
in SecurityNewsFirst seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/sonicwall-firewall-exploits/726579/
-
CVE-2024-28986 SolarWinds Web Help Desk Security Vulnerability August 2024
by
in SecurityNewsA critical vulnerability (CVE-2024-28986) in SolarWinds Web Help Desk puts systems at risk of exploitation, requiring immediate attention. Affected Pl… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/cve-2024-28986-solarwinds-web-help-desk-security-vulnerability-august-2024/
-
Hackers Exploiting Apache OFBiz RCE Vulnerability in the Wild
by
in SecurityNewsA critical vulnerability in the Apache OFBiz framework has been actively exploited by hackers. The flaw designated CVE-2024-45195, allows for unauthen… First seen on gbhackers.com Jump to article: gbhackers.com/apache-ofbiz-rce-vulnerability/
-
Beware Of Weaponized Excel Document That Delivers Fileless Remcos RAT
A recent advanced malware campaign leverages a phishing attack to deliver a seemingly benign Excel file that exploits CVE-2017-0199. By exploiting thi… First seen on gbhackers.com Jump to article: gbhackers.com/weaponized-excel-fileless-remcos-rat/
-
CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability
by
in SecurityNewsIntroduction Ivanti Endpoint Manager (EPM) is an enterprise endpoint management solution that allows for centralized management of devices within an o… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/cve-2024-29847-deep-dive-ivanti-endpoint-manager-agentportal-deserialization-of-untrusted-data-remote-code-execution-vulnerability/
-
Feds warn of broad Russia-linked CVE exploits targeting critical infrastructure
by
in SecurityNewsAttackers operating under the direction of Russia’s military intelligence service are targeting governments, finance, transportation, energy and healt… First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/russia-targets-global-critical-infrastructure/726327/
-
Hackers Exploiting Progress WhatsUp RCE Vulnerability In The Wild
by
in SecurityNewsRCE attacks on WhatsUp Gold exploited the Active Monitor PowerShell Script to execute malicious code, as the vulnerabilities CVE-2024-6670 and CVE-202… First seen on gbhackers.com Jump to article: gbhackers.com/whatsup-rce-vulnerability-exploit/
-
Schwachstelle CVE-2024-39717 wird ausgenutzt – Gefährliche Datei-Uploads bedrohen Versa Director
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/versa-networks-schwachstelle-versa-director-a-c4c369ac554adaf5970fc00f91561125/
-
Siemens Industrial Edge Management Vulnerable to Authorization Bypass Attacks
by
in SecurityNewsSiemens ProductCERT has disclosed a critical vulnerability in its Industrial Edge Management systems. The vulnerability, identified as CVE-2024-45032,… First seen on gbhackers.com Jump to article: gbhackers.com/siemens-vulnerable-bypass-attacks/
-
Imperva Protects Against Critical Apache OFBiz Vulnerability (CVE-2024-45195)
by
in SecurityNewsRecently, a critical vulnerability in the widely used Apache OFBiz framework was disclosed, designated CVE-2024-45195. This vulnerability allows for u… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/imperva-protects-against-critical-apache-ofbiz-vulnerability-cve-2024-45195/
-
Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes
September 2024 Patch Tuesday is here and Microsoft has delivered 79 fixes, including those for a handful of zero-days (CVE-2024-38217, CVE-2024-38226,… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/10/cve-2024-38217-cve-2024-43491/
-
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)
by
in SecurityNewsThe US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 a recently fixed improper access control vulnerability affecti… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/10/cve-2024-40766-exploited/
-
Don’t Delay: Patch LoadMaster Now to Avoid Exploitation
by
in SecurityNewsA security vulnerability, identified as CVE-2024-7591, has been disclosed affecting all versions of LoadMaster and the LoadMaster Multi-Tenant (MT) hy… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/loadmaster-vulnerability-cve-2024-7591/
-
Multiple malware families delivered exploiting GeoServer GeoTools flaw CVE-2024-36401
Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer GeoTools flaw CVE-2024-36401 in malware-based campaigns. Researchers … First seen on securityaffairs.com Jump to article: securityaffairs.com/168197/malware/geoserver-geotools-flaw-cve-2024-36401-malware.html
-
Veeam Backup Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)
by
in SecurityNewsCVE-2024-40711, a critical vulnerability affecting Veeam Backup Replication (VBR), could soon be exploited by attackers to steal enterprise data. Disc… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/09/cve-2024-40711-exploited/
-
2024 seeing more CVEs than ever before, but few are weaponised
by
in SecurityNewsThe number of disclosed CVEs soared by 30% in the first seven-and-a-half months of the year, but a tiny fraction of these have been exploited by threa… First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366600424/2024-seeing-more-CVEs-than-ever-before-but-few-are-weaponised
-
Veeam warnt vor kritischer RCE-Schwachstelle CVE-2024-4071 in Backup Replication
by
in SecurityNewsDer Softwarehersteller Veeam warnt vor kritischer RCE-Schwachstelle in Backup & Replication. Blog-Leser j. hatte gestern im Diskussionsbereich auf… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/09/06/veeam-warnt-vor-kritischer-rce-schwachstelle-cve-2024-4071-in-backup-replication/
-
Critical SonicWall Vulnerability Possibly Exploited in Ransomware Attacks
by
in SecurityNewsA recently patched SonicWall vulnerability tracked as CVE-2024-40766 may have been exploited in ransomware attacks. The post Critical SonicWall Vulner… First seen on securityweek.com Jump to article: www.securityweek.com/critical-sonicwall-vulnerability-possibly-exploited-in-ransomware-attacks/
-
Recent SonicWall Firewall Vulnerability Potentially Exploited in the Wild
by
in SecurityNewsSonicWall is warning customers that the recently patched critical vulnerability CVE-2024-40766 may be exploited in the wild. The post Recent SonicWall… First seen on securityweek.com Jump to article: www.securityweek.com/recent-sonicwall-firewall-vulnerability-potentially-exploited-in-the-wild/
-
SonicWall Access Control Vulnerability Exploited in the Wild
by
in SecurityNewsSonicWall has issued an urgent advisory regarding a critical vulnerability in its SonicOS management access and SSLVPN. The flaw, identified as CVE-20… First seen on gbhackers.com Jump to article: gbhackers.com/sonicwall-access-control-vulnerability/
-
SonicWall SSLVPN access control flaw is now exploited in attacks
SonicWall is warning that a recently fixed access control flaw tracked as CVE-2024-40766 in SonicOS is now potentially exploited in attacks, urging ad… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sonicwall-sslvpn-access-control-flaw-is-now-exploited-in-attacks/
-
Apache Makes Another Attempt at Patching Exploited RCE in OFBiz
by
in SecurityNewsThe latest Apache OFBiz update patches CVE-2024-45195, a bypass of a recently disclosed remote code execution bug exploited in attacks. The post Apach… First seen on securityweek.com Jump to article: www.securityweek.com/apache-makes-another-attempt-at-patching-exploited-rce-in-ofbiz/
-
SonicWall warns that SonicOS bug exploited in attacks
by
in SecurityNewsRecently fixed access control SonicOS vulnerability, tracked as CVE-2024-40766, is potentially exploited in attacks in the wild, SonicWall warns. Soni… First seen on securityaffairs.com Jump to article: securityaffairs.com/168112/hacking/sonicwall-sonicos-bug-exploited.html
-
Schwachstelle CVE-2024-37079 – So nutzen Hacker VMware vCenter für gefährliche Angriffe
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/vmware-vcenter-schwachstelle-cve-2024-37079-patch-a-c2f3b8a9e2742bb828d4de7cd9e2a454/
-
Google fixed actively exploited Android flaw CVE-2024-32896
by
in SecurityNewsGoogle addressed a security vulnerability in its Android operating system that is actively exploited in attacks in the wild. Google addressed a high-s… First seen on securityaffairs.com Jump to article: securityaffairs.com/168047/mobile-2/google-fixed-actively-exploited-android-flaw-cve-2024-32896.html