Tag: cve
-
Apache Makes Another Attempt at Patching Exploited RCE in OFBiz
by
in SecurityNewsThe latest Apache OFBiz update patches CVE-2024-45195, a bypass of a recently disclosed remote code execution bug exploited in attacks. The post Apach… First seen on securityweek.com Jump to article: www.securityweek.com/apache-makes-another-attempt-at-patching-exploited-rce-in-ofbiz/
-
SonicWall warns that SonicOS bug exploited in attacks
by
in SecurityNewsRecently fixed access control SonicOS vulnerability, tracked as CVE-2024-40766, is potentially exploited in attacks in the wild, SonicWall warns. Soni… First seen on securityaffairs.com Jump to article: securityaffairs.com/168112/hacking/sonicwall-sonicos-bug-exploited.html
-
Schwachstelle CVE-2024-37079 – So nutzen Hacker VMware vCenter für gefährliche Angriffe
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/vmware-vcenter-schwachstelle-cve-2024-37079-patch-a-c2f3b8a9e2742bb828d4de7cd9e2a454/
-
Google fixed actively exploited Android flaw CVE-2024-32896
by
in SecurityNewsGoogle addressed a security vulnerability in its Android operating system that is actively exploited in attacks in the wild. Google addressed a high-s… First seen on securityaffairs.com Jump to article: securityaffairs.com/168047/mobile-2/google-fixed-actively-exploited-android-flaw-cve-2024-32896.html
-
Attackers Exploit Critical Atlassian Confluence Flaw for Cryptojacking
by
in SecurityNewsNovel attack vectors leverage the CVE-2023-22527 RCE flaw discovered in January, which is still under active attack, to turn targeted cloud environmen… First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/attackers-exploit-critical-atlassian-confluence-flaw-for-cryptojacking
-
Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation
Google has revealed that a security flaw that was patched as part of a software update rolled out last week to its Chrome browser has come under activ… First seen on thehackernews.com Jump to article: thehackernews.com/2024/08/google-warns-of-cve-2024-7965-chrome.html
-
China’s Volt Typhoon Exploits Zero-Day in Versa’s SD-WAN Director Servers
by
in SecurityNewsSo far, the threat actor has compromised at least five organizations using CVE-2024-39717; CISA has added bug to its Known Exploited Vulnerability dat… First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-s-volt-typhoon-actively-exploiting-now-patched-0-day-in-versa-director-servers
-
Google backports fix for Pixel EoP flaw to other Android devices
by
in SecurityNewsGoogle has released the September 2024 Android security updates to fix 34 vulnerabilities, including CVE-2024-32896, an actively exploited elevation o… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-backports-fix-for-pixel-eop-flaw-to-other-android-devices/
-
Google Patches Actively Exploited Android 0-day Privilege Escalation Vulnerability
by
in SecurityNewsGoogle has released a patch addressing a critical zero-day vulnerability that has been actively exploited. This vulnerability, CVE-2024-32896, is a pr… First seen on gbhackers.com Jump to article: gbhackers.com/google-patchesandroid-0-day-vulnerability/
-
CVE-2024-7971: North Korean APT Citrine Sleet Exploits Chromium Zero-Day
by
in SecurityNewsIn a recent cybersecurity report, Microsoft Threat Intelligence has revealed that a North Korean threat actor, believed to be Citrine Sleet, has been … First seen on securityonline.info Jump to article: securityonline.info/cve-2024-7971-north-korean-apt-citrine-sleet-exploits-chromium-zero-day/
-
Patch Now: Second SolarWinds Critical Bug in Web Help Desk
by
in SecurityNewsThe disclosure of CVE-2024-28987 means that, in two weeks, there have been two critical bugs and corresponding patches for SolarWinds’ less-often-disc… First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/patch-now-second-solarwinds-critical-bug-in-web-help-desk
-
Microsoft Says North Korean Cryptocurrency Thieves Behind Chrome Zero-Day
by
in SecurityNewsRedmond’s threat intel team said exploitation of CVE-2024-7971 can be attributed to a North Korean APT targeting the cryptocurrency sector for financi… First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-says-north-korean-cryptocurrency-thieves-behind-chrome-zero-day/
-
North Korea-linked APT Citrine Sleet exploit Chrome zero-day to deliver FudModule rootkit
by
in SecurityNewsNorth Korea-linked APT exploited the recently patched Google Chrome zero-day CVE-2024-7971 to deploy the FudModule rootkit. North Korea-linked group C… First seen on securityaffairs.com Jump to article: securityaffairs.com/167848/breaking-news/north-korea-linked-apt-exploited-chrome-zero-day-cve-2024-7971.html
-
Huntress is Now a CVE Numbering Authority
by
in SecurityNews
Tags: cveFirst seen on scmagazine.com Jump to article: www.scmagazine.com/native/huntress-is-now-a-cve-numbering-authority
-
Top 5 CVEs and Vulnerabilities of August 2024: Key Threats and How to Respond
by
in SecurityNewsAugust has seen some of the most eye-opening vulnerabilities surface, catching the attention of security experts across the globe. These aren’t just n… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/09/top-5-cves-and-vulnerabilities-of-august-2024-key-threats-and-how-to-respond/
-
BlackByte Ransomware Group Exploits VMware CVE-2024-37085 Flaw, Shifts Tactics
by
in SecurityNewsThe BlackByte ransomware group has re-emerged with an unsettling surge in activity and a refined set of tactics, techniques, and procedures (TTPs) tha… First seen on securityonline.info Jump to article: securityonline.info/blackbyte-ransomware-group-exploits-vmware-cve-2024-37085-flaw-shifts-tactics/
-
Huntress is now a CVE Numbering Authority. But What Does That Mean?
by
in SecurityNews
Tags: cveFirst seen on scmagazine.com Jump to article: www.scmagazine.com/native/huntress-is-now-a-cve-numbering-authority-but-what-does-that-mean
-
BlackByte Ransomware group targets recently patched VMware ESXi flaw CVE-2024-37085
by
in SecurityNewsBlackByte ransomware operators are exploiting a recently patched VMware ESXi hypervisors vulnerability in recent attacks. Cisco Talos observed the Bla… First seen on securityaffairs.com Jump to article: securityaffairs.com/167695/malware/blackbyte-ransomware-vmware-esxi-flaw.html
-
Critical Apache OFBiz Vulnerability CVE-2024-38856 Identified and Actively Exploited
by
in SecurityNewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a security vulnerability affecting Apache OFBiz, the open-source enterpri… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cisa-flags-cve-2024-38856-vulnerability/
-
Recent Critical Vulnerabilities: August 2024 CVE Roundup
by
in SecurityNewsProtecting Organizations with Up-to-Date CVE Awareness Reports from the National Institute of Standards and Technology (NIST) through its National Vu… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/recent-critical-vulnerabilities-august-2024-cve-roundup/
-
China’s Volt Typhoon Exploits 0-day in Versa’s SD-WAN Director Servers
by
in SecurityNewsSo far, the threat actor has compromised at least five organizations using CVE-2024-39717; CISA has added bug to its Known Exploited Vulnerability dat… First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/china-s-volt-typhoon-actively-exploiting-now-patched-0-day-in-versa-director-servers
-
0-day-Schwachstelle CVE-2024-38193 wurde durch Lazarus angegriffen
by
in SecurityNewsZum 13. August 2024 hat Microsoft die 0-day-Schwachstelle CVE-2024-38193 im Treiber afd.sys mit einem Sicherheitsupdate geschlossen. Dort hieß es vage… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/08/20/windows-0-day-schwachstelle-cve-2024-38193-wurde-durch-lazarus-angegriffen/
-
Critical Chrome Zero-Day Vulnerability (CVE-2024-7965) Requires Immediate User Action
by
in SecurityNewsGoogle recently addressed a critical zero-day vulnerability in its Chrome browser, identified as CVE-2024-7965. This high-severity flaw, affecting ver… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/google-fixes-chrome-zero-day-vulnerability/
-
Progress Kemp LoadMaster (Load-Balancer) wegen CVE-2024-7591 aktualisieren
by
in SecurityNews
Tags: cveKurzer Hinweis für Administratoren, die den Load-Balancer LoadMaster von Progress Kemp verwenden. Der Anbieter hat im August 2024 eine Warnung vor ein… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/08/20/progress-kemp-loadmaster-load-balancer-aktualisieren/
-
New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971)
by
in SecurityNewsA new Chrome zero-day vulnerability (CVE-2024-7971) exploited by attackers in the wild has been fixed by Google. About CVE-2024-7971 CVE-2024-7971 is … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/22/cve-2024-7971/
-
Unseen Msupedge Malware Exploits PHP Flaw CVE-2024-4577 in Taiwanese University Cyberattack
by
in SecurityNewsA new and sophisticated backdoor, dubbed Backdoor.Msupedge, has been identified in a recent cyberattack targeting a university in Taiwan. Symantec’s s… First seen on securityonline.info Jump to article: securityonline.info/unseen-msupedge-malware-exploits-php-flaw-cve-2024-4577-in-taiwanese-university-cyberattack/
-
CVE-2024-38178 Vulnerability within Microsoft Edge
by
in SecurityNewsHigh threat level vulnerability CVE-2024-38178 discovered on Microsoft Edge browser : OFFICIAL CVE-2024-38178 PATCHING INFORMATION : A recent discover… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/cve-2024-38178-vulnerability-within-microsoft-edge/
-
Lazarus Group Exploits Microsoft Zero-Days CVE-2024-38193, Patch Urgently
by
in SecurityNewsLast week, Microsoft addressed multiple high-severity security vulnerabilities in its security updates, some of which have already been exploited by h… First seen on securityonline.info Jump to article: securityonline.info/lazarus-group-exploits-microsoft-zero-days-cve-2024-38193-patch-urgently/
-
How we improved vulnerability prioritization with machine learning
by
in SecurityNewsIt’s easy to find vulnerabilities. It’s harder to prioritize and fix them. So far in 2024, there has been an average of over 110 CVEs disclosed per d… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/how-we-improved-vulnerability-prioritization-with-machine-learning/