Tag: cve
-
Vulnerabilities in the ZScaler Client Connector
by
in SecurityNews
One more brief note for readers who use ZScaler's Client Connector in their environment. It has no fewer than three vulnerabilities, CVE-2023… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/05/28/schwachstellen-im-zscaler-client-connector/
-
New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation
by
in SecurityNews
Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild…. First seen on thehackernews.com Jump to article: thehackernews.com/2024/05/new-chrome-zero-day-vulnerability-cve.html
-
GitHub warns of SAML auth bypass flaw in Enterprise Server
by
in SecurityNews
GitHub has fixed a maximum severity (CVSS v4 score: 10.0) authentication bypass vulnerability tracked as CVE-2024-4986, which impacts GitHub Enterpris… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-warns-of-saml-auth-bypass-flaw-in-enterprise-server/
-
PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026)
by
in SecurityNews
Technical details about and a proof-of-concept (PoC) exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, has been released b… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/05/20/cve-2024-22026-poc/
-
CISA Warns of Attacks Exploiting NextGen Healthcare Mirth Connect Flaw
by
in SecurityNews
CISA has added CVE-2023-43208, an unauthenticated remote code execution vulnerability, to its KEV catalog. The post added CVE-2023-43208, an unauthen… First seen on securityweek.com Jump to article: www.securityweek.com/cisa-warns-of-attacks-exploiting-nextgen-healthcare-mirth-connect-flaw/
-
Chrome Zero-Day Alert, Update Your Browser to Patch New Vulnerability
by
in SecurityNews
Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild. Tracked as CVE-… First seen on thehackernews.com Jump to article: thehackernews.com/2024/05/chrome-zero-day-alert-update-your.html
-
Critical Git Vulnerability Let Attackers Execute Remote Code : PoC Published
by
in SecurityNews
A critical remote code execution vulnerability has been discovered in the git clone which was assigned with CVE-2024-32002 and the severity has been g… First seen on gbhackers.com Jump to article: gbhackers.com/git-flaw-remote-code-execution/
-
CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive
by
in SecurityNews
In early 2023, given some early success in auditing Fortinet appliances, I continued the effort and landed upon the Fortinet FortiSIEM. Several issues… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/05/cve-2023-34992-fortinet-fortisiem-command-injection-deep-dive/
-
Mitre breached by nation-state threat actor via Ivanti flaws
by
in SecurityNews
An unnamed nation-state threat actor breached Mitre through two Ivanti Connect Secure zero-day vulnerabilities, CVE-2023-46805 and CVE-2024-21887, dis… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366581853/Mitre-breached-by-nation-state-threat-actor-via-Ivanti-flaws
-
Critical Flaw in AI Python Package Can Lead to System and Data Compromise
by
in SecurityNews
A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers. The post al vulnerability… First seen on securityweek.com Jump to article: www.securityweek.com/critical-flaw-in-ai-python-package-can-lead-to-system-and-data-compromise/
-
NIST Confusion Continues as Cyber Pros Complain CVE Uploads Stalled
by
in SecurityNews
Several software security experts have told Infosecurity that no new vulnerabilities have been added to the US National Vulnerability Database (NVD) s… First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nist-cve-stop-questioned/
-
Dangerous Google Chrome Zero-Day Allows Sandbox Escape
by
in SecurityNews
Exploit code is circulating for CVE-2024-4761, disclosed less than a week after a similar security vulnerability was disclosed as being used in the wi… First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/dangerous-google-chrome-zero-day-sandbox-escape
-
Microsoft Windows DWM Zero-Day Poised for Mass Exploit
CVE-2024-30051, under active exploit, is the most concerning out of this month’s Patch Tuesday offerings, and already being abused by several QakBot a… First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/microsoft-windows-dwm-zero-day-mass-exploit
-
May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040)
by
in SecurityNews
For May 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-30051, CVE-2024-30040)… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/05/14/patch-tuesday-cve-2024-30051-cve-2024-30040/
-
Apple backports iOS zero-day patch, adds Bluetooth tracker alert
by
in SecurityNews
Apple has backported the patch for CVE-2024-23296 to the iOS 16 branch and has fixed a bug (CVE-2024-27852) in MarketplaceKit that may allow malicious… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/05/14/ios-bluetooth-tracker-alert/
-
Log4Shell shows no sign of fading, spotted in 30% of CVE exploits
by
in SecurityNews
Organizations continue to run insecure protocols across their wide access networks (WAN), making it easier for cybercriminals to move across networks,… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/05/14/log4j-wan-insecure-protocols/
-
Veeam vulnerability CVE-2024-29212 (May 2024)
by
in SecurityNews
A small addendum from this week. Veeam, the vendor of backup solutions, published a security advisory this week (May 7, 2024). In older… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/05/12/veeam-schwachstelle-cve-2024-29212-mai-2024/
-
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671)
by
in SecurityNews
Google has fixed a Chrome zero-day vulnerability (CVE-2024-4671), an exploit for which exists in the wild. About CVE-2024-4671 CVE-2024-4671 is a use … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/05/10/cve-2024-4671/
-
Log4J shows no sign of fading, spotted in 30% of CVE exploits
by
in SecurityNews
Organizations continue to run insecure protocols across their wide access networks (WAN), making it easier for cybercriminals to move across networks,… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/05/14/log4j-wan-insecure-protocols/
-
Microsoft Edge Zero-Day Vulnerability Exploited in the Wild
by
in SecurityNews
A zero-day vulnerability in Microsoft Edge, which has been tagged as CVE-2024-4671, has been aggressively exploited by evil organizations, according t… First seen on gbhackers.com Jump to article: gbhackers.com/microsoft-edge-zero-day-2/
-
CISA Announces CVE Enrichment Project ‘Vulnrichment’
by
in SecurityNews
CISA’s Vulnrichment project is adding important information to CVE records to help improve vulnerability management processes. The post Vulnrichment … First seen on securityweek.com Jump to article: www.securityweek.com/cisa-announces-cve-enrichment-project-vulnrichment/
-
F5 fixes BIG-IP Next Central Manager flaws with public PoCs (CVE-2024-21793, CVE-2024-26026)
by
in SecurityNews
Eclypsium researchers have published details and PoC exploits for two remotely exploitable injection vulnerabilities (CVE-2024-21793, CVE-2024-26026) … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/05/09/cve-2024-21793-cve-2024-26026/
-
CISA starts CVE "vulnrichment" program
by
in SecurityNews
The US Cybersecurity and Infrastructure Agency (CISA) has announced the creation of "Vulnrichment,
-
VPN leak: TunnelVision via vulnerability CVE-2024-3661
by
in SecurityNews
Security researchers have disclosed a new attack method against VPN connections, dubbed TunnelVision. The attack makes it possible to … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/05/07/vpn-leak-tunnelvision-ber-schwachstelle-cve-2024-3661/
-
Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606
by
in SecurityNews
A critical Remote Code Execution vulnerability in the Tinyproxy service potentially impacted 50,000 Internet-Exposing hosts. Researchers from Cisco Ta… First seen on securityaffairs.com Jump to article: securityaffairs.com/162866/hacking/tinyproxy-rce.html
-
Google Chrome Zero-day Exploited in the Wild, Patch Now
by
in SecurityNews
Google has urgently updated its Chrome browser across all platforms after a critical vulnerability, identified as CVE-2024-4671, was found being activ… First seen on gbhackers.com Jump to article: gbhackers.com/chrome-zero-day-exploited/
-
Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)
by
in SecurityNews
Researchers have brought to light a new attack method dubbed TunnelVision and uniquely identified as CVE-2024-3661 that can be used to intercept and… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/05/08/tunnelvision-cve-2024-3661/
-
CrushFTP Vulnerability Exploited in Wild to Execute Remote Code
by
in SecurityNews
A critical vulnerability in CrushFTP, identified as CVE-2024-4040, has been actively exploited in the wild. It allows attackers to perform unauthentic… First seen on gbhackers.com Jump to article: gbhackers.com/crushftp-vulnerability-exploited/
-
Veeam RCE Flaws Let Hackers Gain Access To VSPC Servers
by
in SecurityNews
Veeam Service Provider console has been discovered with two critical vulnerabilities that were associated with Remote Code Execution. A CVE for these … First seen on gbhackers.com Jump to article: gbhackers.com/veeam-rce-flaws-vspc-servers/