Tag: cve
-
Cisco warns actively exploited CVE can lead to DoS attacks against VPN services
First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisco-exploited-cve-vpn/731216/
-
CVE-2024-9680 Mozilla Firefox Security Vulnerability October 2024
by
in SecurityNewsA critical vulnerability (CVE-2024-9680) in Mozilla Firefox exposes systems to remote code execution by exploiting memory handling flaws. Affected Pl… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/cve-2024-9680-mozilla-firefox-security-vulnerability-october-2024/
-
Google Patches Critical Chrome Vulnerability Reported by Apple
by
in SecurityNewsGoogle has patched CVE-2024-10487, a critical Chrome vulnerability, and Mozilla has patched high-severity flaws in Firefox. The post Google Patches Cr… First seen on securityweek.com Jump to article: www.securityweek.com/google-patches-critical-chrome-vulnerability-reported-by-apple/
-
Fog ransomware targets SonicWall VPNs to breach corporate networks
by
in SecurityNewsFog and Akira ransomware operators have increased their exploitation efforts of CVE-2024-40766, a critical access control flaw that allows unauthorize… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fog-ransomware-targets-sonicwall-vpns-to-breach-corporate-networks/
-
UNC5820 Exploits FortiManager Zero-Day Vulnerability (CVE-2024-47575)
by
in SecurityNewsFortinet and Mandiant investigated the mass exploitation of FortiManager devices via CVE-2024-47575, impacting 50+ systems across industries. Threat….. First seen on hackread.com Jump to article: hackread.com/unc5820-exploits-fortimanager-zero-day-vulnerability/
-
CVE-2024-47575 ausgenutzt in freier Wildbahn – BSI warnt vor kritischer Schwachstelle im FortiManager
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecke-fgfm-daemon-fortimanager-a-1bcc6b7fff19c07fba226fba8dc451fb/
-
New Threat Group UNC5820 Targets FortiManager Zero-Day CVE-2024-47575 in Global Cyberattack
by
in SecurityNewsIn October 2024, Mandiant, in collaboration with Fortinet, uncovered the mass exploitation of FortiManager appliances across multiple industries. This… First seen on securityonline.info Jump to article: securityonline.info/new-threat-group-unc5820-targets-fortimanager-zero-day-cve-2024-47575-in-global-cyberattack/
-
MacOS Safari ‘HM Surf’ Exploit Exposes Camera, Mic, Browser Data
Microsoft researchers toyed with app permissions to uncover CVE-2024-44133, using it to access sensitive user data. Adware merchants may have as well…. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/macos-safari-exploit-camera-mic-browser-data
-
In Other News: CVE Turns 25, Henry Schein Data Breach, Reward for Shahid Hemmat Hackers
by
in SecurityNewsNoteworthy stories that might have slipped under the radar: CVE Program celebrates 25th anniversary, one year after ransomware attack Henry Schein say… First seen on securityweek.com Jump to article: www.securityweek.com/in-other-news-cve-turns-25-henry-schein-data-breach-reward-for-shahid-hemmat-hackers/
-
Critical Veeam CVE actively exploited in ransomware attacks
by
in SecurityNewsMultiple ransomware groups targeted the vulnerability, which has a CVSS score of 9.8, more than a month after it was disclosed and patched by the data… First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/veeam-critical-cve-exploits-ransomware/730570/
-
Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575)
by
in SecurityNewsFortinet has finally made public information about CVE-2024-47575, a critical FortiManager vulnerability that attackers have exploited as a zero-day. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/24/cve-2024-47575/
-
Mandiant says new Fortinet flaw has been exploited since June
A new Fortinet FortiManager flaw dubbed FortiJump and tracked as CVE-2024-47575 has been exploited since June 2024 in zero-day attacks on over 50 serv… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mandiant-says-new-fortinet-fortimanager-flaw-has-been-exploited-since-june/
-
Red Hat NetworkManager Flaw Allows Hackers to Gain Root Access
by
in SecurityNewsA recently discovered vulnerability in Red Hat’s NetworkManager, CVE-2024-8260, has raised concerns in the cybersecurity community because it could al… First seen on gbhackers.com Jump to article: gbhackers.com/red-hat-networkmanager-flaw/
-
New Fortinet Zero-Day Exploited for Months Before Patch
A Fortinet zero-day tracked as CVE-2024-47575 and named FortiJump has been exploited since at least June 2024. The post New Fortinet Zero-Day Exploite… First seen on securityweek.com Jump to article: www.securityweek.com/new-fortinet-zero-day-exploited-for-months-before-patch-release/
-
Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day
by
in SecurityNewsThe North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game ta… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/lazarus-hackers-used-fake-defi-game-to-exploit-google-chrome-zero-day/
-
VMware fixes critical vCenter Server RCE bug again! (CVE-2024-38812)
by
in SecurityNewsBroadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server, one of which hasn’t been fu… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/22/cve-2024-38812-cve-2024-38813-fixed-again/
-
Fortinet warns of new critical FortiManager flaw used in zero-day attacks
by
in SecurityNewsFortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to stea… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fortinet-warns-of-new-critical-fortimanager-flaw-used-in-zero-day-attacks/
-
New Loop DoS Attack Based on CVE-2024-2169 in UDP Protocol
by
in SecurityNewsA newly identified denial-of-service attack, named Loop DoS, is causing concerns among cybersecurity experts. This sophisticated attack targets applic… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/loop-dos-attack-cve-2024-2169/
-
VMware fixes bad patch for critical vCenter Server RCE flaw
by
in SecurityNewsVMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not corr… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/vmware-fixes-bad-patch-for-critical-vcenter-server-rce-flaw/
-
VMware failed to fully address vCenter Server RCE flaw CVE-2024-38812
by
in SecurityNewsVMware addressed a remote code execution flaw, demonstrated in a Chinese hacking contest, for the second time in two months. VMware failed to fully ad… First seen on securityaffairs.com Jump to article: securityaffairs.com/170096/security/vmware-failed-to-fix-rce-vcenter-server-cve-2024-38812.html
-
VMware HCX Platform Vulnerable to SQL Injection Attacks
by
in SecurityNewsVMware released an advisory (VMSA-2024-0021) addressing a critical vulnerability in its HCX platform. The vulnerability, CVE-2024-38814, is an authent… First seen on gbhackers.com Jump to article: gbhackers.com/vmware-hcx-platform-vulnerable/
-
Critical CVE in 4 Fortinet products actively exploited
by
in SecurityNewsCISA added the format string vulnerability to its known exploited vulnerabilities catalog last week, months after it was first disclosed by the compan… First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/critical-cve-fortinet-exploited/729736/
-
Earth Simnavaz Exploits Windows Kernel Flaw CVE-2024-30088 in Attacks on Critical Infrastructure
by
in SecurityNewsTrend Micro researchers have uncovered a series of advanced cyberattacks carried out by the threat group Earth Simnavaz, also known as APT34 or OilRig… First seen on securityonline.info Jump to article: securityonline.info/earth-simnavaz-exploits-windows-kernel-flaw-cve-2024-30088-in-attacks-on-critical-infrastructure/
-
VMware fixes high-severity SQL injection flaw CVE-2024-38814 in HCX
VMware fixes a high-severity SQL injection flaw in HCX allowing non-admin users to remotely execute code on the HCX manager. VMWare warns to address a… First seen on securityaffairs.com Jump to article: securityaffairs.com/169904/security/vmware-sql-injection-flaw-cve-2024-38814.html
-
CVE-2024-9381 Ivanti CSA Security Vulnerability October 2024
by
in SecurityNewsA critical vulnerability (CVE-2024-9381) in Ivanti’s Cloud Services Appliance allows attackers to bypass security measures and execute arbitrary code…. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/cve-2024-9381-ivanti-csa-security-vulnerability-october-2024/
-
Critical Veeam Vulnerability CVE-2024-40711 Exploited by Ransomware Groups
by
in SecurityNewsVeeam has addressed a severe vulnerability in its widely utilized Backup & Replication tool, CVE-2024-40711. This critical flaw has a staggering Commo… First seen on thecyberexpress.com Jump to article: thecyberexpress.com/critical-veeam-vulnerability-2/
-
VMware Patches High-Severity SQL Injection Flaw in HCX Platform
VMware patches CVE-2024-38814 and warns that attackers with non-administrator privileges can execute remote code on the HCX manager. The post VMware P… First seen on securityweek.com Jump to article: www.securityweek.com/vmware-patches-high-severity-sql-injection-flaw-in-hcx-platform/
-
3 More Ivanti Cloud Vulns Exploited in the Wild
by
in SecurityNewsThe security bugs were found susceptible to exploitation in connection to the previously disclosed, critical CVE-2024-8963 vulnerability in the securi… First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/three-more-ivanti-cloud-vulns-exploited
-
Windows spoofing flaw exploited in earlier zero-day attacks
by
in SecurityNewsMicrosoft reveals that CVE-2024-43461, which was disclosed in September’s Patch Tuesday, was previously exploited as a zero-day vulnerability in an at… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366610775/Windows-spoofing-flaw-exploited-in-earlier-zero-day-attacks