Tag: cve
-
CVEs Surge 30% in 2024, Only 0.91% Weaponized
by
in SecurityNews
Tags: cveFirst seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cves-surge-30-2024/
-
Google warns of an actively exploited Android kernel flaw
by
in SecurityNewsGoogle addressed an actively exploited high-severity vulnerability, tracked as CVE-2024-36971, impacting the Android kernel. Google fixed a high-sever… First seen on securityaffairs.com Jump to article: securityaffairs.com/166656/breaking-news/google-actively-exploited-android-kernel-flaw.html
-
Check Point sheds light on Windows MSHTML zero-day flaw
by
in SecurityNewsA Check Point Software Technologies researcher who discovered CVE-2024-38112 said the Windows spoofing vulnerability may have been exploited as far ba… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366593234/Check-Point-sheds-light-on-Windows-MSHTML-zero-day-flaw
-
Exploitable Storage and Backup Vulnerabilities: A Growing Threat to Enterprise Security
by
in SecurityNewsOn July 29, a critical vulnerability in Acronis Cyber Infrastructure (ACI), tracked as CVE-2023-45249, was highlighted by CISA as being actively explo… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/exploitable-storage-and-backup-vulnerabilities-a-growing-threat-to-enterprise-security/
-
Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008)
by
in SecurityNewsTwo cross-site scripting vulnerabilities (CVE-2024-42009, CVE-2024-42008) affecting Roundcube could be exploited by attackers to steal users’ emails a… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/07/cve-2024-42009-cve-2024-42008/
-
Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856)
by
in SecurityNewsCVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthentic… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/05/cve-2024-38856/
-
Security Bypass Vulnerability Found in Rockwell Automation Logix Controllers
by
in SecurityNewsA high-severity security bypass vulnerability tracked as CVE-2024-6242 has been found and fixed in Rockwell Automation Logix controllers. The post Sec… First seen on securityweek.com Jump to article: www.securityweek.com/security-bypass-vulnerability-found-in-rockwell-automation-logix-controllers/
-
Leaked Wallpaper Vulnerability Exposes Windows Users to Privilege Escalation Attacks
by
in SecurityNewsA newly discovered vulnerability in Windows File Explorer has raised alarms within the cybersecurity community. Identified as CVE-2024-38100, this sec… First seen on gbhackers.com Jump to article: gbhackers.com/leaked-wallpaper-vulnerability-exposes-windows/
-
Hackers Actively Exploiting WordPress Plugin Arbitrary File Upload Vulnerability
by
in SecurityNewsHackers have been actively exploiting a critical vulnerability in the WordPress plugin 简数采集器 (Keydatas). The vulnerability, CVE-2024-6220, a… First seen on gbhackers.com Jump to article: gbhackers.com/exploiting-wordpress-plugin/
-
Bitdefender Flaw Let Attackers Trigger Server-Side Request Forgery Attacks
by
in SecurityNewsA recently discovered vulnerability in Bitdefender’s GravityZone Update Server has raised significant security concerns. Identified as CVE-2024-6980, … First seen on gbhackers.com Jump to article: gbhackers.com/bitdefender-flaw-let-attackers/
-
Over 20,000 internet-exposed VMware ESXi instances vulnerable to CVE-2024-37085
by
in SecurityNewsShadowserver researchers reported that over 20,000 internet-exposed VMware ESXi instances are affected by the actively exploited flaw CVE-2024-37085. … First seen on securityaffairs.com Jump to article: securityaffairs.com/166432/hacking/vmware-esxi-cve-2024-37085-vulnerable-instances.html
-
Security Bypass Vulnerability Exposed in Rockwell Automation Logix Controllers
by
in SecurityNewsA security flaw in Rockwell Automation’s Logix controllers has been highlighted. This security bypass vulnerability, identified as CVE-2024-6242, affe… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/security-bypass-vulnerability-in-rockwell/
-
Critical OpenSSH vulnerability could affect millions of servers
by
in SecurityNewsExploitation against CVE-2024-6387, which Qualys nicknamed ‘regreSSHion,’ could let attackers bypass security measures and gain root access to vulnera… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366592376/Critical-OpenSSH-vulnerability-could-affect-millions-of-servers
-
Recent Vulnerabilities in Cybersecurity: July 2024 CVE Roundup
by
in SecurityNewsRecent cybersecurity vulnerabilities reported on the National Institute of Standards and Technology (NIST)’s National Vulnerability Database pose sign… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/recent-vulnerabilities-in-cybersecurity-july-2024-cve-roundup/
-
CVE-2024-37085: VMware ESXi Vulnerability Exploited by Ransomware Gangs
by
in SecurityNewsMicrosoft Threat Intelligence has disclosed a vulnerability (CVE-2024-37085) in VMware ESXi hypervisors, which is being actively exploited in the wild… First seen on securityonline.info Jump to article: securityonline.info/cve-2024-37085-vmware-esxi-vulnerability-exploited-by-ransomware-gangs/
-
Ransomware gangs exploit recently patched VMware ESXi bug CVE-2024-37085
by
in SecurityNewsMicrosoft warns that ransomware gangs are exploiting the recently patched CVE-2024-37085 flaw in VMware ESXi flaw. Microsoft researchers warned that m… First seen on securityaffairs.com Jump to article: securityaffairs.com/166295/cyber-crime/ransomware-gangs-exploit-cve-2024-37085-vmware-esxi.html
-
VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085)
by
in SecurityNewsRansomware operators have been leveraging CVE-2024-37085, an authentication bypass vulnerability affecting Active Directory domain-joined VMware ESXi … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/30/cve-2024-37085-exploited/
-
Top CVEs of July 2024: Key Vulnerabilities and Mitigations
by
in SecurityNewsJuly 2024 has surfaced a series of significant vulnerabilities that could compromise the security of many organizations. From Bamboo Data Center flaws… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/top-cves-of-july-2024-key-vulnerabilities-and-mitigations/
-
March 2024 Patch Tuesday: Significant Vulnerabilities
by
in SecurityNewsMicrosoft has rolled out its latest batch of security fixes for March 2024 Patch Tuesday, addressing a total of 59 CVE-numbered vulnerabilities. The g… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/march-2024-patch-tuesday/
-
Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw
by
in SecurityNewsVMware did not mention in-the-wild exploitation for CVE-2024-37085 but Microsoft says ransomware gangs are abusing the just-patched flaw. The post Mic… First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-says-ransomware-gangs-exploiting-just-patched-vmware-esxi-flaw/
-
Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249)
by
in SecurityNewsCVE-2023-45249, a critical vulnerability affecting older versions of Acronis Cyber Infrastructure, is being exploited by attackers. About Acronis Cybe… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/29/cve-2023-45249/
-
Next-Gen Vulnerability Assessment: AWS Bedrock Claude in CVE Data Classification
by
in SecurityNewsFirst seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/next-gen-vulnerability-assessment-aws-bedrock-claude-in-cve-data-classification/
-
Cisco Patches the Products Impacted by RADIUS Protocol Vulnerability
by
in SecurityNewsCisco has issued patches for multiple products affected by a critical vulnerability in the RADIUS protocol. The vulnerability, identified as CVE-2024-… First seen on gbhackers.com Jump to article: gbhackers.com/cisco-patches-the-products-impacted/
-
Cisco-Patches schließen kritische Schwachstellen in SSM und SEG
by
in SecurityNewsNoch ein kleiner Nachtrag von Ende der Woche. Anbieter Cisco hat kritische Schwachstellen in Produkten geschlossen. Da gibt es die Schwachstelle CVE-2… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/07/21/cisco-patches-schlieen-kritische-schwachstellen-in-ssm-und-seg/
-
Progress Software fixed critical RCE CVE-2024-6327 in the Telerik Report Server
by
in SecurityNewsProgress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report Server. Telerik Report Ser… First seen on securityaffairs.com Jump to article: securityaffairs.com/166168/security/telerik-report-server-cve-2024-6327.html
-
Hackers exploit Microsoft Defender SmartScreen bug CVE-2024-21412 to deliver ACR, Lumma, and Meduza Stealers
The CVE-2024-21412 flaw in the Microsoft Defender SmartScreen has been exploited to deliver information stealers such as ACR Stealer, Lumma, and Meduz… First seen on securityaffairs.com Jump to article: securityaffairs.com/166152/security/cve-2024-21412-flaw-info-stealers.html
-
Broadcom liefert Update für CVE-2024-22280 – VMware Aria Automation und Cloud Foundation anfällig für SQL-Injections
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/broadcom-vmware-sql-injection-schwachstelle-vmware-aria-updates-a-245d38ecf6d1179fcdbe0351da56ae96/
-
Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018
by
in SecurityNewsThe vulnerability, tagged as CVE-2024-41110 with a CVSS severity score of 10/10, was originally found and fixed in 2018. The post Docker Patches Criti… First seen on securityweek.com Jump to article: www.securityweek.com/docker-patches-critical-authz-plugin-bypass-vulnerability-dating-back-to-2018/
-
Critical Microsoft Zero-Day Vulnerability Exploited in the Wild for Over a Year
by
in SecurityNewsA severe zero-day vulnerability in Microsoft Windows, tracked as CVE-2024-38112, has been actively exploited by threat actors for at least 18 months. … First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/critical-microsoft-zero-day-vulnerability-exploited-in-the-wild-for-over-a-year/
-
SolarWinds Serv-U vulnerability under attack
by
in SecurityNewsThe Centre for Cybersecurity Belgium observed exploitation against CVE-2024-28995, a high-severity vulnerability in SolarWind’s Serv-U file transfer p… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366589400/SolarWinds-Serv-U-vulnerability-under-attack