Tag: flaw
-
5 Modern Computer Safety Tips You Should Know About
by
in SecurityNewsProtecting your computer in the hyper-connected world of today goes beyond merely preventing bothersome viruses. Smarter, quicker, and far more invasive than ever before are modern dangers. Cybercriminals no longer depend on simple strategies; they leverage flaws, fool unsuspecting consumers,… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/5-modern-computer-safety-tips-you-should-know-about/
-
Over 25,000 SonicWall VPN Firewalls exposed to critical flaws
by
in SecurityNewsOver 25,000 publicly accessible SonicWall SSLVPN devices are vulnerable to critical severity flaws, with 20,000 using a SonicOS/OSX firmware version that the vendor no longer supports. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-25-000-sonicwall-vpn-firewalls-exposed-to-critical-flaws/
-
U.S. CISA adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: access, adobe, cisa, control, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference (CVE-2024-35250) and Adobe ColdFusion Improper Access Control (CVE-2024-20767) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The…
-
CISA and FBI Raise Alerts on Exploited Flaws and Expanding HiatusRAT Campaign
by
in SecurityNews
Tags: access, adobe, cisa, control, cve, cybersecurity, exploit, flaw, infrastructure, kev, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.The list of flaws is below -CVE-2024-20767 (CVSS score: 7.4) – Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or…
-
Security community raises concern as Cleo file-transfer CVE delayed
by
in SecurityNewsAfter the company urged users to patch a critical flaw, researchers are asking about the lack of a CVE and additional guidance. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/security-cleo-file-transfer-cve-delayed/735517/
-
âš¡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips
by
in SecurityNewsThis past week has been packed with unsettling developments in the world of cybersecurity. From silent but serious attacks on popular business tools to unexpected flaws lurking in everyday devices, there’s a lot that might have flown under your radar. Attackers are adapting old tricks, uncovering new ones, and targeting systems both large and small.Meanwhile,…
-
Multiple flaws in Volkswagen Group’s infotainment unit allow for vehicle compromise
by
in SecurityNewsResearchers discovered multiple flaws in the infotainment systems of Volkswagen Group vehicles that could allow to track them in real-time. A team of security researchers from cybersecurity firm PCAutomotive discovered multiple vulnerabilities in the infotainment units used in some vehicles of the Volkswagen Group. Remote attackers can exploit the flaws to achieve certain controls and…
-
Immediate patching of actively exploited Cleo flaw urged
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/immediate-patching-of-actively-exploited-cleo-flaw-urged
-
U.S. CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNewsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2024-50623 (CVSS score 8.8), which impacts multiple Cleo products to its Known Exploited Vulnerabilities (KEV) catalog. >>Cleo has identified an unrestricted file upload and download vulnerability (CVE-2024-50623)…
-
Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection
by
in SecurityNewsA security flaw has been disclosed in OpenWrt’s Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages.The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting…
-
Hackers Possibly Stole Personal Data From Bitcoin ATM Operator Byte Federal
Byte Federal says the personal information of 58,000 was compromised after a GitLab flaw allowed attackers to access a server. The post Hackers Possibly Stole Personal Data From Bitcoin ATM Operator Byte Federal appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/hackers-possibly-stole-personal-data-from-bitcoin-atm-operator-byte-federal/
-
Cleo patches file transfer zero-day flaw under attack
by
in SecurityNewsCleo published a patch for its Harmony, VLTrader and LexiCom managed file transfer products, which addresses a ‘critical vulnerability’ that’s separate from CVE-2024-50623. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366617274/Cleo-patches-file-transfer-zero-day-flaw-under-attack
-
Several Splunk, Atlassian flaws addressed
by
in SecurityNews
Tags: flawFirst seen on scworld.com Jump to article: www.scworld.com/brief/several-splunk-atlassian-flaws-addressed
-
New Malware Framework Targets Cleo File Systems
by
in SecurityNewsPossible Long-Term Attack by Unknown Hackers Thwarted. Hackers exploiting flaws in Cleo Communications software instances had intimate knowledge of their internals and deployed a previously unknown family of malware, security researchers from Huntress said Thursday. Cleo published a patch Wednesday evening. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/new-malware-framework-targets-cleo-file-systems-a-27045
-
NY Health Group Fined $550K in Unpatched Vulnerability Hack
by
in SecurityNewsAG Says HealthAlliance Tried But Failed to Fix Zero-Day Flaw That Led to Exploit. New York State has levied a $550,000 fine against a healthcare group that tried – but failed – to patch a critical zero-day vulnerability in a Citrix NetScaler appliance used for telemedicine. Hackers exploited the flaw, stealing 196 gigabytes of data…
-
Security researchers find deep flaws in CVSS vulnerability scoring system
by
in SecurityNewsThe industrywide method for assessing the severity of vulnerabilities in software and hardware needs to be revised because it provides potential misleading severity assessment, delegates at Black Hat Europe were told Thursday.The Common Vulnerability Scoring System (CVSS) makes use of various metrics to quantify vulnerability severity. A presentation at Black Hat by cybersecurity experts from…
-
Microsoft Windows ‘Best Fit’ character conversion ‘ripe for exploitation’
by
in SecurityNews
Tags: api, application-security, attack, cve, exploit, flaw, injection, malicious, microsoft, mitigation, office, programming, software, switch, technology, tool, vulnerability, windowsSecurity researchers have outlined a novel attack vector that exploits the “Best Fit” character conversion technology built into Windows.The technology comes into play in string conversions, particularly when characters cannot be directly represented in a target character set.However, application security experts Orange Tsai and Splitline Huang from Taiwanese firm DEVCORE used a presentation at Black…
-
Hackers Exploiting Cleo Software Zero-Day
by
in SecurityNewsAttackers Target Managed File Transfer Software Vulnerabilities. File transfer software made by Cleo Communications is under active attack and a patch meant to stymie hackers doesn’t fix the flaw, say security researchers from Huntress. Hackers exploit an arbitrary file-write vulnerability along with a feature that automatically executes files. First seen on govinfosecurity.com Jump to article:…
-
2024 Recap: 8 Notable and Dangerous Chrome Vulnerabilities
by
in SecurityNewsWith a market share of 66.68%, Google Chrome remains a prime target for cyberattacks. In 2024, this widely used browser faced numerous critical Chrome vulnerabilities that put businesses and individuals at risk and led to significant damage. Attackers exploited these flaws to bypass security measures, steal sensitive information, and deploy malicious payloads. Security managers are……
-
Cleo patches critical zero-day exploited in data theft attacks
Cleo has released security updates for a zero-day flaw in its LexiCom, VLTransfer, and Harmony software, currently exploited in data theft attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cleo-patches-critical-zero-day-exploited-in-data-theft-attacks/
-
Bitcoin ATM firm Byte Federal hacked via GitLab flaw, 58K users exposed
by
in SecurityNewsUS Bitcoin ATM operator Byte Federal has disclosed a data breach that exposed the data of 58,000 customers after its systems were breached using a GitLab vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/bitcoin-atm-firm-byte-federal-hacked-via-gitlab-flaw-58k-users-exposed/
-
Chinese Hacker Pwns 81K Sophos Devices With Zero-Day Bug
The US State Department has offered a $10 million reward for Guan Tianfeng, who has been accused of developing and testing a critical SQL injection flaw with a CVSS score of 9.8 used in Sophos attacks. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/chinese-hacker-pwns-81k-sophos-devices-with-zero-day-bug
-
Researchers find security flaws in Skoda cars that may let hackers remotely track them
by
in SecurityNewsSecurity researchers have discovered multiple vulnerabilities in the infotainment units used in some Skoda cars that could allow malicious actors to remotely trigger certain controls and track the cars’ location in real time. PCAutomotive, a cybersecurity firm specializing in the automotive sector, unveiled 12 new security vulnerabilities impacting the latest model of the Skoda Superb…
-
Cleo Patches Exploited Flaw as Security Firms Detail Malware Pushed in Attacks
by
in SecurityNewsCleo has released patches for the exploited vulnerability and security firms have detailed the malware delivered in attacks. The post Cleo Patches Exploited Flaw as Security Firms Detail Malware Pushed in Attacks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cleo-patches-exploited-flaw-as-security-firms-detail-malware-pushed-in-attacks/
-
WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins
by
in SecurityNewsMalicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks.The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations.”This flaw poses a…
-
Splunk RCE Vulnerability Let Attackers Execute Remote Code
by
in SecurityNewsSplunk, the data analysis and monitoring platform, is grappling with a Remote Code Execution (RCE) vulnerability. This flaw, identified as CVE-2024-53247, affects several versions of Splunk Enterprise and the Splunk Secure Gateway app on the Splunk Cloud Platform. The vulnerability is rated with a CVSSv3.1 score of 8.8, indicating a high severity level that poses…