Tag: cve
-
Microsoft patches two actively exploited zero-days (CVE-2024-29988, CVE-2024-26234)
in SecurityNews
On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Micros…
First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2024/04/09/april-2024-patch-tuesday-cve-2024-29988/
-
Microsoft Patches Two Zero-Days Exploited for Malware Delivery
in SecurityNews
Microsoft patches CVE-2024-29988 and CVE-2024-26234, two zero-day vulnerabilities exploited by threat actors to deliver malware.
First seen on securityweek.com. Jump to article: www.securityweek.com/microsoft-patches-two-zero-days-exploited-for-malware-delivery/
-
Apple discloses 2 iOS zero-day vulnerabilities
in SecurityNews
CVE-2024-23225 and CVE-2024-23296, which bypass kernel memory protections, mark the second and third zero-day vulnerabilities that Apple has disclosed…
First seen on techtarget.com. Jump to article: www.techtarget.com/searchsecurity/news/366572451/Apple-discloses-2-iOS-zero-day-vulnerabilities
-
More than 16,000 Ivanti VPN gateways still vulnerable to RCE CVE-2024-21894
in SecurityNews
Experts warn of roughly 16,500 Ivanti Connect Secure and Policy Secure gateways still vulnerable to a remote code execution (RCE) flaw. Shadowserver res…
First seen on securityaffairs.com. Jump to article: securityaffairs.com/161544/security/ivanti-16500-vulnerable-istances.html
-
Windows NTLM credentials vulnerability CVE-2024-21320: fix by 0patch
in SecurityNews
Windows has a vulnerability (CVE-2024-21320) that exposes NTLM credentials via Windows themes. Although Microsoft in January 202…
First seen on borncity.com. Jump to article: www.borncity.com/blog/2024/04/04/windows-ntlm-credentials-schwachstelle-cve-2024-21320-fix-durch-0patch/
-
Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988)
in SecurityNews
On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Micros…
First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2024/04/09/april-2024-patch-tuesday-cve-2024-29988/
-
Exploitation Attempts Target Unpatched Flaw Affecting Many D-Link NAS Devices
in SecurityNews
Unpatched D-Link NAS device vulnerability CVE-2024-3273, potentially affecting many devices, is being exploited in the wild.
First seen on securityweek.com. Jump to article: www.securityweek.com/exploitation-attempts-target-unpatched-flaw-affecting-many-d-link-nas-devices/
-
D-Link RCE Vulnerability That Affects 92,000 Devices Exploited in Wild
in SecurityNews
Cybercriminals have actively exploited a critical vulnerability in D-Link Network Attached Storage (NAS) devices globally. Identified as CVE-2024-3273…
First seen on gbhackers.com. Jump to article: gbhackers.com/d-link-rce-vulnerability-exploited-in-wild/
-
Magento flaw exploited to deploy persistent backdoor hidden in XML
in SecurityNews
Threat actors are exploiting critical Magento vulnerability CVE-2024-20720 to install a persistent backdoor on e-stores. Sansec researchers observed t…
First seen on securityaffairs.com. Jump to article: securityaffairs.com/161534/hacking/magento-vulnerability-actively-exploited.html
-
CVE-2024-3094: RCE Vulnerability Discovered in XZ Utils
in SecurityNews
CVE-2024-3094 is a critical Remote Code Execution (RCE) vulnerability found in the popular open-source XZ Utils library. This vulnerability affects XZ…
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2024/04/cve-2024-3094-rce-vulnerability-discovered-in-xz-utils/
-
WallEscape vulnerability CVE-2024-28085 in Linux tools
in SecurityNews
A small addendum from last week. There is a new vulnerability, CVE-2024-28085 (WallEscape), that affects the wall command in util-linux…
First seen on borncity.com. Jump to article: www.borncity.com/blog/2024/03/31/wallescape-schwachstelle-cve-2024-28085-in-linux-tools/
-
Multiple Cisco Small Business Routers Vulnerable to XSS Attacks
in SecurityNews
Cisco has alerted its customers about a critical vulnerability affecting several Small Business RV Series Routers models. This vulnerability, CVE-2024…
First seen on gbhackers.com. Jump to article: gbhackers.com/vulnerable-to-xss-attacks/
-
Critical Progress Flowmon Vulnerability Let Attackers Inject Malicious Code
in SecurityNews
A new critical vulnerability has been discovered in Progress Flowmon, assigned with CVE-2024-2389. Progress Flowmon is a Cloud Application Performance…
First seen on gbhackers.com. Jump to article: gbhackers.com/progress-flowmon-vulnerability/
-
Update for KernelCare Live Patches for CVE-2024-1086 in AlmaLinux 8 and 9
in SecurityNews
The KernelCare team is working on deploying a live patch for CVE-2024-1086 for AlmaLinux 8 and AlmaLinux 9 users. As of April 3, the patches for CVE-2…
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2024/04/update-for-kernelcare-live-patches-for-cve-2024-1086-in-almalinux-8-9/
-
CVE and NVD: A Weak and Fractured Source of Vulnerability Truth
in SecurityNews
MITRE is unable to compile a list of all new vulnerabilities, and NIST is unable to subsequently, and consequently, provide an enriched database of al…
First seen on securityweek.com. Jump to article: www.securityweek.com/cve-and-nvd-a-weak-and-fractured-source-of-vulnerability-truth/
-
Microsoft Edge bug CVE-2024-21388 allowed installation of arbitrary extensions
in SecurityNews
A since-patched security vulnerability in the Microsoft Edge web browser could have been abused to install arbitrary extensions on the systems…
First seen on borncity.com. Jump to article: www.borncity.com/blog/2024/03/28/microsoft-edge-bug-cve-2024-21388-erlaubte-bsartige-erweiterungen-zu-installieren/
-
Yet another reason why the xz backdoor is a sneaky b@$tard
in SecurityNews
(We are talking about the xz/liblzma backdoor identified with CVE-2024-3094.) Background: If you just woke up from hibernation…
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2024/04/yet-another-reason-why-the-xz-backdoor-is-a-sneaky-btard/
-
CISA Warns Of Active Exploitation Of Flaws In Fortinet, Ivanti, Nice Linear
in SecurityNews
A recent security alert warns of three critical vulnerabilities actively exploited in the wild, of which the first is CVE-2023-48788, an SQL injection…
First seen on gbhackers.com. Jump to article: gbhackers.com/cisa-warns-of-active-exploitation/
-
CVE-2023-40000: LiteSpeed Plugin Flaw Exposes Millions of WordPress Sites
in SecurityNews
A concerning security vulnerability within a widely-used WordPress plugin, LiteSpeed Cache, has been detected. Tracked as CVE-2023-40000, this vulnera…
First seen on sensorstechforum.com. Jump to article: sensorstechforum.com/cve-2023-40000-litespeed-plugin-wordpress/
-
CVE-2024-1071: Ultimate Member Plugin Flaw Exposes WordPress Sites
in SecurityNews
The revelation of a critical security loophole within the widely deployed WordPress plugin, Ultimate Member, has sent shockwaves through the online co…
First seen on sensorstechforum.com. Jump to article: sensorstechforum.com/cve-2024-1071-ultimate-member-plugin-wordpress/
-
CVE-2024-23204: Vulnerability in Apple’s Shortcuts App
in SecurityNews
Details have emerged about a high-severity security flaw in Apple’s Shortcuts app. This vulnerability, tracked as CVE-2024-23204, has the potential to…
First seen on sensorstechforum.com. Jump to article: sensorstechforum.com/cve-2024-23204-apple-shortcuts-app/
-
Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks
in SecurityNews
CVE-2023-48788, a critical SQL injection vulnerability in Fortinet’s FortiClient EMS product, is being exploited in the wild.
First seen on securityweek.com. Jump to article: www.securityweek.com/recent-fortinet-forticlient-ems-vulnerability-exploited-in-attacks/
-
CVE-2023-52160: Wi-Fi Flaws Expose Android and Linux Devices
in SecurityNews
Two authentication bypass vulnerabilities were uncovered in open-source Wi-Fi software utilized across Android, Linux, and ChromeOS devices. These vul…
First seen on sensorstechforum.com. Jump to article: sensorstechforum.com/cve-2023-52160-wi-fi-flaws/
-
Threat actors actively exploit JetBrains TeamCity flaws to deliver malware
Multiple threat actors are exploiting the recently disclosed JetBrains TeamCity flaw CVE-2024-27198 in attacks in the wild. Trend Micro researchers ar…
First seen on securityaffairs.com. Jump to article: securityaffairs.com/160823/breaking-news/jetbrains-teamcity-flaws-actively-exploited.html
-
Microsoft Patches Xbox Vulnerability Following Public Disclosure
in SecurityNews
Microsoft patches Xbox Gaming Services vulnerability CVE-2024-28916 after initially saying it was not a security issue.
First seen on securityweek.com. Jump to article: www.securityweek.com/microsoft-patches-xbox-vulnerability-following-public-disclosure/
-
CVE-2023-48788: Fortinet FortiClientEMS SQL Injection Deep Dive
in SecurityNews
Introduction: In a recent PSIRT, Fortinet acknowledged CVE-2023-48788, a SQL injection in FortiClient EMS that can lead to remote code execution. Forti…
First seen on securityboulevard.com. Jump to article: securityboulevard.com/2024/03/cve-2023-48788-fortinet-forticlientems-sql-injection-deep-dive/
-
Aiohttp Vulnerability in Attacker Crosshairs
in SecurityNews
A recently patched Aiohttp vulnerability tracked as CVE-2024-23334 is being targeted by threat actors, including by a ransomware group.
First seen on securityweek.com. Jump to article: www.securityweek.com/aiohttp-vulnerability-in-attacker-crosshairs/
-
Hackers exploit Aiohttp bug to find vulnerable networks
in SecurityNews
The ransomware actor ‘ShadowSyndicate’ was observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aioh…
First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-aiohttp-bug-to-find-vulnerable-networks/
-
Kubernetes Vulnerability Let Attackers Take Full System Control
in SecurityNews
A new vulnerability, CVE-2023-5528, has been discovered with Kubernetes. This vulnerability is associated with a command injection vulnerability that…
First seen on gbhackers.com. Jump to article: gbhackers.com/kubernetes-vulnerability-full-system-control/
-
NIST National Vulnerability Database Disruption Sees CVE Enrichment on Hold
in SecurityNews
Vulnerability data has stopped being added to the most widely used software vulnerability database for over a month, putting organizations at risk an…
First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/nist-vulnerability-database/