Tag: flaw
-
Week in review: Veeam Service Provider Console flaws fixed, Patch Tuesday forecast
in SecurityNews
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, … First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2024/12/08/week-in-review-veeam-service-provider-console-flaws-fixed-patch-tuesday-forecast/
-
Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+
Microsoft’s OS sure loves throwing your creds at remote systems. First seen on theregister.com. Jump to article: www.theregister.com/2024/12/06/opatch_zeroday_microsoft/
-
Spyware Campaign Targets Sino Minority Groups via WeChat
in SecurityNews
Possible Chinese-state sponsored Exploit Kit Using Browser Flaws to Deploy Spyware. A possible Chinese-state threat group is targeting vulnerabilities in messaging apps to deliver spyware in cross-platform devices used by members of ethnic minorities targeted for repression by Beijing. Trend Micro dubs the group Earth Minotaur. First seen on govinfosecurity.com. Jump to article: www.govinfosecurity.com/spyware-campaign-targets-sino-minority-groups-via-wechat-a-26998
-
Exploit published for critical Progress WhatsUp Gold flaw
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/brief/exploit-published-for-critical-progress-whatsup-gold-flaw
-
Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks
in SecurityNews
Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the supply chain security company first disclosed last month. Unlike the first…
-
SonicWall Patches 6 Vulnerabilities in Secure Access Gateway
in SecurityNews
SonicWall has released patches for multiple high-severity flaws in the SMA100 SSL-VPN secure access gateway. The post SonicWall Patches 6 Vulnerabilities in Secure Access Gateway appeared first on SecurityWeek. First seen on securityweek.com. Jump to article: www.securityweek.com/sonicwall-patches-6-vulnerabilities-in-secure-access-gateway/
-
Hundreds of Cisco switches impacted by bootloader flaw
in SecurityNews
A bootloader vulnerability in Cisco NX-OS affects 100+ switches, allowing attackers to bypass image signature checks. Cisco released security patches for a vulnerability, tracked as CVE-2024-20397 (CVSS score of 5.2), in the NX-OS software’s bootloader that could be exploited by attackers to bypass image signature verification. “A vulnerability in the bootloader of Cisco NX-OS Software could…
-
Windows NTLM Zero-Day Vulnerability Exposes User Credentials
in SecurityNews
A critical zero-day vulnerability affecting all modern Windows Workstation and Server versions has been discovered. The flaw enables attackers to steal NTLM credentials with minimal user interaction, posing a significant security risk. It impacts systems from Windows 7 and Server 2008 R2 to the latest Windows 11 (v24H2) and Server 2022. The vulnerability allows attackers…
-
Mitel MiCollab zero-day flaw gets proof-of-concept exploit
in SecurityNews
Researchers have uncovered an arbitrary file read zero-day in the Mitel MiCollab collaboration platform, allowing attackers to access files on a server’s filesystem. First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/mitel-micollab-zero-day-flaw-gets-proof-of-concept-exploit/
-
Veeam Urges Immediate Update to Patch Severe Vulnerabilities
in SecurityNews
Veeam has released patches for critical VSPC flaws, requiring immediate attention from affected service providers. First seen on infosecurity-magazine.com. Jump to article: www.infosecurity-magazine.com/news/veeam-urges-update-patch/
-
CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, ProjectSend Flaws Exploited in Wild
in SecurityNews
Tags: cisa, cve, cyber, cybersecurity, exploit, firewall, flaw, Hardware, infrastructure, mitigation, software, vulnerability, zyxel
The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being actively exploited in the wild. The vulnerabilities affect popular software and hardware products, including Zyxel firewalls, CyberPanel, North Grid, and ProjectSend. Organizations using these products are urged to apply mitigations immediately or discontinue usage if fixes are unavailable. CVE-2024-51378: CyberPanel Incorrect…
-
CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel
in SecurityNews
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple security flaws affecting products from Zyxel, North Grid Proself, ProjectSend, and CyberPanel to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-51378 (CVSS score: 10.0) – An incorrect default permissions First seen on…
-
European law enforcement breaks high-end encryption app used by suspects
in SecurityNews
Tags: awareness, backdoor, ciso, communications, computing, crime, crimes, cryptography, data, defense, encryption, endpoint, exploit, flaw, group, hacker, infrastructure, international, jobs, law, malware, monitoring, service, technology, threat, tool, vulnerability
A group of European law enforcement agencies were able to crack a high-level encryption app that a group of suspects created to avoid law enforcement monitoring, according to a statement issued Tuesday by Europol. Europol, understandably, did not provide any specifics about how they broke the app, but encryption experts said that the most likely method…
-
Veeam addressed critical Service Provider Console (VSPC) bug
in SecurityNews
Veeam addressed a critical vulnerability in Service Provider Console (VSPC) that could allow remote attackers to execute arbitrary code. Veeam released security updates for a critical vulnerability, tracked as CVE-2024-42448 (CVSS score of 9.9) impacting Service Provider Console. Successful exploitation of the flaw can potentially lead to remote code execution on vulnerable installs. Veeam Service…
-
Japan warns of IO-Data zero-day router flaws exploited in attacks
in SecurityNews
Japan’s CERT is warning that hackers are exploiting zero-day vulnerabilities in I-O Data router devices to modify device settings, execute commands, or even turn off the firewall. First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/japan-warns-of-io-data-zero-day-router-flaws-exploited-in-attacks/
-
MobSF XSS Vulnerability Let Attackers Inject Malicious Scripts
in SecurityNews
A critical vulnerability has been identified in the Mobile Security Framework (MobSF) that allows attackers to inject malicious scripts into the system. This vulnerability, CVE-2024-53999, is a Stored Cross-Site Scripting (XSS) flaw found in the “Diff or Compare
-
Talent overlooked: embracing neurodiversity in cybersecurity
in SecurityNews
In cybersecurity, diverse perspectives help in addressing complex, emerging threats. Increasingly, there’s a push to recognize that neurodiversity brings significant value to cybersecurity. However, neurodiverse people frequently face systemic barriers that hinder their success in the field. Neurodiversity refers to the way some people’s brains work differently to the neurotypical brain. This includes autism, ADHD (attention…
-
Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console
in SecurityNews
Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances. The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was identified during internal testing. “From the…
-
The ASA flaw CVE-2014-2120 is being actively exploited in the wild
in SecurityNews
Cisco warns customers that a decade-old ASA vulnerability, tracked as CVE-2014-2120, is being actively exploited in the wild. Cisco warns that the decade-old ASA vulnerability CVE-2014-2120 is being actively exploited in attacks in the wild, and urges customers to review the updated advisory. The vulnerability resides in the WebVPN login page of Cisco Adaptive Security…
-
16 Zero-Days Uncovered in Fuji Electric Monitoring Software
in SecurityNews
Flaws in Fuji’s Tellus and V-Server Software Pose Risks to Critical Infrastructure. Security researchers have uncovered 16 zero-day vulnerabilities in Japanese equipment manufacturer Fuji Electric’s Tellus and V-Server remote monitoring software that enable attackers to execute malicious code in devices commonly used by utilities and other critical infrastructure providers. First seen on govinfosecurity.com. Jump to…
-
CyberRatings report exposes critical flaws in cloud-native firewalls
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/brief/cyberratings-report-exposes-critical-flaws-in-cloud-native-firewalls
-
Exploit released for critical WhatsUp Gold RCE flaw, patch now
in SecurityNews
A proof-of-concept (PoC) exploit for a critical-severity remote code execution flaw in Progress WhatsUp Gold has been published, making it critical to install the latest security updates as soon as possible. First seen on bleepingcomputer.com. Jump to article: www.bleepingcomputer.com/news/security/exploit-released-for-critical-whatsup-gold-rce-flaw-patch-now/
-
Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability
in SecurityNews
Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA). The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA’s WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS)…