Tag: cve
-
How we improved vulnerability prioritization with machine learning
by
in SecurityNewsIt’s easy to find vulnerabilities. It’s harder to prioritize and fix them. So far in 2024, there has been an average of over 110 CVEs disclosed per d… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/how-we-improved-vulnerability-prioritization-with-machine-learning/
-
SolarWinds Web Help Desk CVE scores a 9.8
by
in SecurityNewsSolarWinds urged customers to patch the vulnerability that could allow an attacker to run commands on a host machine, while;CISA added the CVE to its … First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/solarwinds-web-help-desk-patch/724482/
-
Nachbetrachtung: Windows und die TCPSchwachstelle CVE-2024-38063
by
in SecurityNewsNoch eine kleine Nachlese vom August 2023 Patchday (Blog-Leser haben angeregt, das mal in einem separaten Beitrag aufzubereiten). Zum 13. August 2024 … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/08/16/nachbetrachtung-windows-und-die-tcp-ip-schwachstelle-cve-2024-38063/
-
0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)
by
in SecurityNewsCVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a root… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/20/0-day-in-windows-driver-exploited-by-north-korean-hackers-to-deliver-rootkit-cve-2024-38193/
-
Experts warn of exploit attempt for Ivanti vTM bug
by
in SecurityNewsResearchers at the Shadowserver Foundation observed an exploit attempt based on the public PoC for Ivanti vTM bug CVE-2024-7593. Researchers at the Sh… First seen on securityaffairs.com Jump to article: securityaffairs.com/167250/hacking/exploit-attempt-ivanti-vtm-bug.html
-
Microsoft Zero-Day CVE-2024-38193 was exploited by North Korea-linked Lazarus APT
by
in SecurityNewsMicrosoft addressed a zero-day vulnerability actively exploited by the North-Korea-linked Lazarus APT group. Microsoft has addressed a zero-day vulner… First seen on securityaffairs.com Jump to article: securityaffairs.com/167246/apt/microsoft-zero-day-cve-2024-38193-lazarus.html
-
Windows Zero-Day Attack Linked to North Korea’s Lazarus APT
by
in SecurityNewsThe vulnerability, tracked as CVE-2024-38193 and marked as ‘actively exploited’ by Microsoft, allows SYSTEM privileges on the latest Windows operating… First seen on securityweek.com Jump to article: www.securityweek.com/windows-zero-day-attack-linked-to-north-koreas-lazarus-apt/
-
Unauthenticated RCE in WordPress Plugin Exposes 100,000 WordPress Sites
by
in SecurityNewsA critical vulnerability has been discovered in the GiveWP plugin, a popular WordPress donation and fundraising platform. This vulnerability, CVE-2024… First seen on gbhackers.com Jump to article: gbhackers.com/unauthenticated-rce-in-wordpress-plugin/
-
Linux Kernal Vulnerability Let Attackers Bypass CPU Gain Read/Write Access
by
in SecurityNewsResearchers have uncovered a critical vulnerability within the Linux kernel’sdmam_free_coherent()function. This flaw, identified as CVE-2024-43856, st… First seen on gbhackers.com Jump to article: gbhackers.com/linux-kernal-vulnerability/
-
In Other News: 400 CNAs, Crash Reports, Schlatter Cyberattack
by
in SecurityNewsNoteworthy stories that might have slipped under the radar: there are 400 CVE Numbering Authorities, crash reports can be a valuable source of informa… First seen on securityweek.com Jump to article: www.securityweek.com/in-other-news-400-cnas-crash-reports-schlatter-cyberattack/
-
CVE-2024-7646: Ingress-NGINX Annotation Validation Bypass A Deep Dive
by
in SecurityNews
Tags: cveFirst seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/cve-2024-7646-ingress-nginx-annotation-validation-bypass-a-deep-dive/
-
Microsoft Windows CVE triggers blue screen of death, researchers find
by
in SecurityNewsFirst seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/vulnerability-microsoft-windows-blue-screen/724085/
-
Copy2Pwn Zero-Day Exploited to Bypass Windows Protections
by
in SecurityNewsZDI details a zero-day named Copy2Pwn and tracked as CVE-2024-38213, which cybercriminals exploited to bypass MotW protections in Windows. The post Co… First seen on securityweek.com Jump to article: www.securityweek.com/copy2pwn-zero-day-exploited-to-bypass-windows-protections/
-
CVE-2024-21412 Used in DarkGate Malware Campaigns
A DarkGate malware campaign observed in mid-January 2024 has highlighted the exploitation of a recently patched security flaw in Microsoft Windows as … First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2024-21412-darkgate-malware/
-
GhostScript-Schwachstelle CVE-2024-29510 wird angegriffen
by
in SecurityNewsNoch ein Nachtrag in Sachen Sicherheit. Anfang Juli 2024 gab es in der openwall-Mailing-Liste Hinweise zu Schwachstellen im GhostScript-Interpreter (v… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/08/12/ghostscript-schwachstelle-cve-2024-29510-wird-angegriffen/
-
Warnung vor Microsoft Office Spoofing-Schwachstelle CVE-2024-38200
by
in SecurityNewsMicrosoft hat zum 8. August 2024 (mit Update vom 10. August 2024) eine Warnung von einer ungepatchten Spoofing-Schwachstelle CVE-2024-38200 veröffentl… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/08/12/warnung-vor-microsoft-office-spoofing-schwachstelle-cve-2024-38200/
-
CVE-2024-38063: An In-Depth Look at the Critical Remote Code Execution Vulnerability
by
in SecurityNewsIn a recent security advisory, Microsoft disclosed a high-severity vulnerability identified as CVE-2024-38063. This critical Remote Code Execution (RC… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/cve-2024-38063-an-in-depth-look-at-the-critical-remote-code-execution-vulnerability/
-
A Deep Dive Into CVE-2023-2163: How Google Found And Fixed An eBPF Linux Kernel Vulnerability
by
in SecurityNewsFirst seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36196/A-Deep-Dive-Into-CVE-2023-2163-How-Google-Found-And-Fixed-An-eBPF-Linux-Kernel-Vulnerability.html
-
PostgreSQL Vulnerability Allows Hackers To Execute Arbitrary SQL Functions
by
in SecurityNewsA critical vulnerability identified as CVE-2024-7348 has been discovered in PostgreSQL, enabling attackers to execute arbitrary SQL functions. This vu… First seen on gbhackers.com Jump to article: gbhackers.com/postgresql-vulnerability-hackers-execute-arbitrary-sql-functions/
-
Hackers Exploiting WinRAR Flaw To Attacks Windows Linux(ESXi) Machines
Head Mare, a hacktivist group targeting Russia and Belarus, leverages phishing campaigns distributing WinRAR archives to exploit CVE-2023-38831 for in… First seen on gbhackers.com Jump to article: gbhackers.com/hackers-exploiting-winrar-flaw-2/
-
Windows Server durch PoC-Exploit für CVE-2024-38077 gefährdet
by
in SecurityNewsNochmals ein Nachgang zum Juli 2024-Patchday, bei dem Microsoft die Schwachstelle CVE-2024-38077 in Windows Server geschlossen hat. Es handelt sich um… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/08/09/windows-server-durch-poc-exploit-fr-cve-2024-38077-gefhrdet/
-
Rockwell PLC Security Bypass Threatens Manufacturing Processes
by
in SecurityNewsA security vulnerability in Rockwell Automation’s ControlLogix 1756 programmable logic controllers, tracked as CVE-2024-6242, could allow tampering wi… First seen on darkreading.com Jump to article: www.darkreading.com/ics-ot-security/rockwell-plc-security-bypass-threatens-manufacturing-processes
-
Critical OpenSSH Vulnerability in FreeBSD Allows Remote Root Access
by
in SecurityNewsA newly discovered OpenSSH vulnerability in FreeBSD systems has been reported. This critical flaw, identified as CVE-2024-7589, could allow attackers … First seen on thecyberexpress.com Jump to article: thecyberexpress.com/openssh-vulnerability-in-freebsd/
-
CVE-2024-38856: Pre-Auth RCE Vulnerability in Apache OFBiz
by
in SecurityNewsIntroductionOn August 5, 2024, researchers at SonicWall discovered a zero-day security flaw in Apache OFBiz tracked as CVE-2024-38856. The vulnerabili… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/cve-2024-38856-pre-auth-rce-vulnerability-in-apache-ofbiz/
-
Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218)
by
in SecurityNewsTwo vulnerabilities (CVE-2024-42219, CVE-2024-42218) affecting the macOS version of the popular 1Password password manager could allow malware to stea… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/09/cve-2024-42219-cve-2024-42218/
-
Critical Apache OfBiz Vulnerability Allows Preauth RCE
by
in SecurityNewsThe enterprise resource planning platform bug CVE-2024-38856 has a vulnerability-severity score of 9.8 out of 10 on the CVSS scale and offers a wide a… First seen on darkreading.com Jump to article: www.darkreading.com/application-security/critical-apache-ofbiz-vulnerability-allows-preauth-rce
-
Updates schützen vor Cyberattacken – Kritische Schwachstelle CVE-2023-45249 in Acronis Cyber Infrastructure
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/kritische-schwachstelle-acronis-cyber-infrastructure-update-a-868a4c1f152e0a578c7597c9efb880c1/
-
CVEs Surge 30% in 2024, Only 0.91% Weaponized
by
in SecurityNews
Tags: cveFirst seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cves-surge-30-2024/
-
Google warns of an actively exploited Android kernel flaw
by
in SecurityNewsGoogle addressed an actively exploited high-severity vulnerability, tracked as CVE-2024-36971, impacting the Android kernel. Google fixed a high-sever… First seen on securityaffairs.com Jump to article: securityaffairs.com/166656/breaking-news/google-actively-exploited-android-kernel-flaw.html