Tag: flaw
-
Sophos discloses critical Firewall remote code execution flaw
by
in SecurityNewsSophos has addressed three vulnerabilities in its Sophos Firewall product that could allow remote unauthenticated threat actors to perform SQL injection, remote code execution, and gain privileged SSH access to devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sophos-discloses-critical-firewall-remote-code-execution-flaw/
-
Sophos fixed critical vulnerabilities in its Firewall product
by
in SecurityNewsSophos fixed three Sophos Firewall flaws that could lead to SQL injection, privileged SSH access to devices, and remote code execution. Sophos has addressed three vulnerabilities, respectively tracked as CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729, in its Sophos Firewall solution. The vulnerabilities impact Sophos Firewall v21.0 GA (21.0.0) and older versions, below are the description for these…
-
Siemens Warns of a Critical Vulnerability in UMC
by
in SecurityNewsHeap Overflow Flaw Threatens Industrial Control Systems Globally. Siemens issued a security advisory for a vulnerability affecting industrial control systems in its User Management Component that could enable attackers to execute arbitrary code. The heap-based buffer overflow flaw impacts products used in manufacturing and the energy sector. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/siemens-warns-critical-vulnerability-in-umc-a-27121
-
Critical Fortinet FortiWLM flaw addressed
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/critical-fortinet-fortiwlm-flaw-addressed
-
Researchers uncover AMD chip flaw threatening cloud data
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/researchers-uncover-amd-chip-flaw-threatening-cloud-data
-
Critical flaw in WordPress plugin exploited to install malicious software
First seen on scworld.com Jump to article: www.scworld.com/brief/critical-flaw-in-wordpress-plugin-exploited-to-install-malicious-software
-
Sophos Firewall vulnerable to critical remote code execution flaw
by
in SecurityNewsSophos has addressed three vulnerabilities in its Sophos Firewall product that could allow remote unauthenticated threat actors to perform SQL injection, remote code execution, and gain privileged SSH access to devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sophos-firewall-vulnerable-to-critical-remote-code-execution-flaw/
-
U.S. CISA adds BeyondTrust software flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: access, cisa, cve, cybersecurity, exploit, flaw, infrastructure, injection, kev, software, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection flaw, tracked as CVE-2024-12356 (CVSS score of 9.8) to…
-
Siemens UMC Vulnerability Allows Arbitrary Remote Code Execution
by
in SecurityNewsA critical vulnerability has been identified in Siemens’ User Management Component (UMC), which could allow unauthenticated remote attackers to execute arbitrary code. The flaw, designated CVE-2024-49775, is a heap-based buffer overflow vulnerability. Siemens has issued Security Advisory SSA-928984 and urges customers to implement recommended fixes or mitigations to minimize the risks. Details of the Vulnerability The…
-
Foxit PDF Editor Vulnerabilities Allows Remote Code Execution
by
in SecurityNewsFoxit Software has issued critical security updates for its widely used PDF solutions, Foxit PDF Reader and Foxit PDF Editor. The updates”, Foxit PDF Reader 2024.4 and Foxit PDF Editor 2024.4/13.1.5″, were released on December 17, 2024, to counter vulnerabilities that could leave users exposed to remote code execution (RCE) attacks. Details of the Vulnerabilities The…
-
Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation
by
in SecurityNewsSophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions.Of the three, two are rated Critical in severity. There is currently no evidence that the shortcomings have been exploited in the wild. The list of…
-
CISA Warns of BeyondTrust Privileged Remote Access Exploited in Wild
by
in SecurityNews
Tags: access, cisa, cyber, cybersecurity, exploit, flaw, infrastructure, malicious, risk, tool, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm over a critical vulnerability impacting BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) products. This newly uncovered flaw tracked as CVE-2024-12356, could allow attackers to execute malicious commands, posing a severe risk to global enterprises relying on these tools for secure remote access and…
-
CISA Adds Critical Flaw in BeyondTrust Software to Exploited Vulnerabilities List
by
in SecurityNews
Tags: access, cisa, cve, cybersecurity, exploit, flaw, infrastructure, injection, kev, software, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), is a command injection flaw that First…
-
Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM
by
in SecurityNewsFortinet warns of a patched FortiWLM vulnerability that could allow admin access and sensitive information disclosure. Fortinet warned of a now-patched Wireless LAN Manager (FortiWLM) vulnerability, tracked as CVE-2023-34990 (CVSS score of 9.6), that could lead to admin access and sensitive information disclosure. >>A relative path traversal [CWE-23] in FortiWLM may allow a remote, unauthenticated…
-
US eyes ban on TP-Link routers amid cybersecurity concerns
by
in SecurityNews
Tags: attack, business, china, compliance, computer, corporate, country, cyber, cyberattack, cybercrime, cybersecurity, ddos, defense, espionage, exploit, flaw, government, hacking, infrastructure, intelligence, law, malicious, microsoft, network, risk, router, technology, threat, vulnerability, wifiThe US government is investigating TP-Link, a Chinese company that supplies about 65% of routers for American homes and small businesses, amid concerns about national security risks. Reports suggest these routers have vulnerabilities that cybercriminals exploit to compromise sensitive enterprise data.Investigations by the Commerce, Defense, and Justice Departments indicate that the routers may have been…
-
Bugs in a major McDonald’s India delivery system exposed sensitive customer data
by
in SecurityNewsMcDonald’s India exposed the personal information of customers and drivers due to security flaws impacting its APIs. First seen on techcrunch.com Jump to article: techcrunch.com/2024/12/19/bugs-in-a-major-mcdonalds-india-delivery-system-exposed-sensitive-customer-data/
-
Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits
by
in SecurityNewsFortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information.The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of a maximum of 10.0.”A relative path traversal [CWE-23] in FortiWLM may allow a remote unauthenticated attacker to read sensitive…
-
Chrome Security Update, Patch for Multiple Security Flaws
by
in SecurityNewsGoogle has released a new security update on the Stable channel, bringing Chrome to version 131.0.6778.204/.205 for Windows and Mac and 131.0.6778.204 for Linux. This update addresses multiple high-severity vulnerabilities, ensuring enhanced safety for users. The rollout will occur gradually over the coming days and weeks. Highlighted Security Fixes The latest Chrome release includes fixes for five vulnerabilities, of…
-
Critical Flaws Expose 25,000 SonicWall Devices to Hackers
by
in SecurityNewsMany SonicWall Firewalls Are Unsupported or Lack Patches for Known Vulnerabilities. Thousands of SonicWall network security devices remain exposed with critical security flaws, including 20,000 running outdated firmware that no longer receives vendor support. Despite patches available for some of these flaws, many organizations continue to run the outdated firmware. First seen on govinfosecurity.com Jump…
-
Vulnerabilities in Azure Data Factory Open Door to Attacks
by
in SecurityNewsAzure Data Factory’s Apache Airflow Integration Flaw Can Expose Cloud Environments. Security researchers say now-resolved vulnerabilities in a Microsoft Azure integration with the Apache Airflow workflow management platform showcase growing sophistication of attackers. Palo Alto Unit 42 researchers said the flaws could allow hackers to deploy malware and steal data. First seen on govinfosecurity.com Jump…
-
Video: Hackers Bypass TSA Security with SQL Injection
We reveal a TSA security flaw that allowed hackers to bypass protocols and access cockpits. Explore the implications of this breach and what can be done. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/video/hackers-bypass-tsa-security-with-sql-injection/
-
BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products
by
in SecurityNewsBeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the execution of arbitrary commands.Privileged Remote Access controls, manages, and audits privileged accounts and credentials, offering zero trust access to on-premises and cloud resources by internal, external, and third-party users. First…
-
A new ransomware regime is now targeting critical systems with weaker networks
by
in SecurityNews
Tags: access, attack, authentication, breach, control, corporate, credentials, cybercrime, data, defense, exploit, extortion, finance, flaw, fortinet, group, infrastructure, law, lockbit, malware, mfa, network, ransomware, risk, tactics, usa, vmware, vpn, vulnerability, zyxelThe year 2024’s ransomware shake-up, fueled by law enforcement crackdowns on giants like LockBit, has shifted focus to critical operations, with major attacks this year hitting targets like Halliburton, TfL, and Arkansas water plant.A Dragos study for the third quarter of 2024 highlighted a surge in activity from new groups like RansomHub, Play, and Fog,…
-
Exploitation of Recent Critical Apache Struts 2 Flaw Begins
by
in SecurityNewsResearchers warn of malicious attacks exploiting a recently patched critical vulnerability in Apache Struts 2 leading to remote code execution (RCE). The post Exploitation of Recent Critical Apache Struts 2 Flaw Begins appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/exploitation-of-recent-critical-apache-struts-2-flaw-begins/
-
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected
by
in SecurityNewsThreat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution.The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164,…
-
Meta Fined 251 Million Euros by Irish DPC for ‘View As’ Flaw
by
in SecurityNewsMeta Vows to Appeal. The Irish data regulator fined social media platform Meta 251 million euros over a 2018 hack that exposed sensitive data of millions of European Facebook users, including that of children. The bug was in Facebook’s View As feature permitting a user to see their own profile as it appears to others.…
-
New critical Apache Struts flaw exploited to find vulnerable servers
by
in SecurityNewsA recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-critical-apache-struts-flaw-exploited-to-find-vulnerable-servers/
-
Cleo releases CVE for actively exploited flaw in file-transfer software
by
in SecurityNewsResearchers confirmed a new zero-day vulnerability is separate from a flaw originally disclosed in October. A notorious ransomware group;linked itself to the attacks. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cleo-exploited-flaw-file-transfer-software/735664/