Tag: vulnerability
-
Android’s December 2024 Security Update Patches 14 Vulnerabilities
in SecurityNews
Google has released patches for 14 high-severity vulnerabilities as part of Android’s December 2024 security update. The post Android’s December 2024 Security Update Patches 14 Vulnerabilities appeared first on SecurityWeek.
First seen on securityweek.com Jump to article: www.securityweek.com/androids-december-2024-security-update-patches-14-vulnerabilities/
-
PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785)
in SecurityNews
Researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785, a critical remote code execution vulnerability affecting Progress WhatsUp Gold, a popular …
First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/04/poc-exploit-cve-2024-8785-whatsup-gold/
-
Google Chrome Security Update, Patch for High-severity Vulnerability
in SecurityNews
Google has released a significant security update for its Chrome browser, aiming to address several vulnerabilities and enhance user safety. The Stable channel has been updated to version 131.0.6778.108/.109 for Windows and Mac, and version 131.0.6778.108 for Linux. These updates will be gradually rolled out to users over the coming days and weeks. According to…
-
Palo Alto Networks Outlines Convergence of Cybersecurity and AI
in SecurityNews
The rapid integration of AI is driving innovation, but it also carries risks: criminals are looking for ways to exploit vulnerabilities.
First seen on infopoint-security.de Jump to article: www.infopoint-security.de/palo-alto-networks-skizziert-konvergenz-von-cybersicherheit-und-ki/a39113/
-
U.S. CISA adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog
in SecurityNews
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Proself versions before Ver5.62, Ver1.65, and Ver1.08 are vulnerable to XXE attacks, allowing unauthenticated attackers…
-
Progress WhatsUp Gold RCE Vulnerability PoC Exploit Released
in SecurityNews
A registry overwrite remote code execution (RCE) vulnerability has been identified in NmAPI.exe, part of the WhatsUp Gold network monitoring software. This vulnerability, present in versions before 24.0.1, allows an unauthenticated remote attacker to execute arbitrary code on affected systems, posing significant security risks. Vulnerability Details: The vulnerability lies within NmAPI.exe, a Windows Communication Foundation…
-
Talent overlooked: embracing neurodiversity in cybersecurity
in SecurityNews
In cybersecurity, diverse perspectives help in addressing complex, emerging threats. Increasingly, there’s a push to recognize that neurodiversity brings significant value to cybersecurity. However, neurodiverse people frequently face systemic barriers that hinder their success in the field. Neurodiversity refers to the way some people’s brains work differently to the neurotypical brain. This includes autism, ADHD (attention…
-
MobSF XSS Vulnerability Let Attackers Inject Malicious Scripts
in SecurityNews
A critical vulnerability has been identified in the Mobile Security Framework (MobSF) that allows attackers to inject malicious scripts into the system. This vulnerability, CVE-2024-53999, is a Stored Cross-Site Scripting (XSS) flaw found in the “Diff or Compare
-
Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console
in SecurityNews
Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances. The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was identified during internal testing. “From the…
-
BlackBerry Highlights Rising Software Supply Chain Risks in Malaysia
in SecurityNews
Tags: access, ai, attack, breach, ceo, ciso, communications, compliance, cyber, cyberattack, cybersecurity, data, detection, espionage, finance, framework, government, infrastructure, intelligence, international, Internet, iot, malware, mobile, monitoring, phishing, ransomware, regulation, resilience, risk, skills, software, strategy, supply-chain, threat, tool, training, vulnerability
In 2024, BlackBerry unveiled new proprietary research, underscoring the vulnerability of software supply chains in Malaysia and around the world. According to the study, 79% of Malaysian organizations reported cyberattacks or vulnerabilities in their software supply chains during the past 12 months, slightly exceeding the global average of 76%. Alarmingly, 81% of respondents revealed they had…
-
The ASA flaw CVE-2014-2120 is being actively exploited in the wild
in SecurityNews
Cisco warns customers that a decade-old ASA vulnerability, tracked as CVE-2014-2120, is being actively exploited in the wild. Cisco warns that the decade-old ASA vulnerability CVE-2014-2120 is being actively exploited in attacks in the wild, and urges customers to review the updated advisory. The vulnerability resides in the WebVPN login page of Cisco Adaptive Security…
-
16 Zero-Days Uncovered in Fuji Electric Monitoring Software
in SecurityNews
Flaws in Fuji’s Tellus and V-Server Software Pose Risks to Critical Infrastructure. Security researchers have uncovered 16 zero-day vulnerabilities in Japanese equipment manufacturer Fuji Electric’s Tellus and V-Server remote monitoring software that enable attackers to execute malicious code in devices commonly used by utilities and other critical infrastructure providers.
First seen on govinfosecurity.com Jump to…
-
Decade-Old Cisco Vulnerability Under Active Exploit
in SecurityNews
Cisco encourages users to update to an unaffected version of its Adaptive Security Appliance (ASA) software since there are no workarounds for the 2014 vulnerability.
First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/decade-old-cisco-vulnerability-exploit
-
Veeam warns of critical RCE bug in Service Provider Console
in SecurityNews
Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing.
First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/veeam-warns-of-critical-rce-bug-in-service-provider-console/
-
Data Vigilante Leaks 772K Employee Records from Top Firms and 12.3M-Row Database
in SecurityNews
A massive data leak linked to the MOVEit vulnerability has exposed millions of employee records from major companies. Learn about the impact of this leak, the role of the “data vigilante” Nam3L3ss.
First seen on hackread.com Jump to article: hackread.com/data-vigilante-leaks-772k-employee-record-database/
-
Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449)
in SecurityNews
Veeam has fixed two vulnerabilities in Veeam Service Provider Console (VSPC), one of which (CVE-2024-42448) may allow remote attackers to achieve code execution on the VSPC …
First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/03/vspc-vulnerabilities-cve-2024-42448-cve-2024-42449/
-
Ransomware’s Grip on Healthcare
in SecurityNews
Until C-level executives fully understand potential threats and implement effective mitigation strategies, healthcare organizations will remain vulnerable and at risk of disruption.
First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/ransomware-grip-healthcare
-
Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability
in SecurityNews
Cisco on Monday updated an advisory to warn customers of active exploitation of a decade-old security flaw impacting its Adaptive Security Appliance (ASA). The vulnerability, tracked as CVE-2014-2120 (CVSS score: 4.3), concerns a case of insufficient input validation in ASA’s WebVPN login page that could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS)…
-
SmokeLoader picks up ancient MS Office bugs to pack fresh credential stealer
in SecurityNews
Threat actors are using a well-known modular malware loader, SmokeLoader, to exploit known Microsoft Office vulnerabilities and steal sensitive browser credentials. The loader, which runs a framework to deploy multiple malware modules, was observed by Fortinet’s FortiGuard Labs in attacks targeting manufacturing, healthcare, and IT companies in Taiwan. “SmokeLoader, known for its ability to deliver other malicious…
-
The Decentralized SaaS Adoption Trend: Why This Poses a Risk to Organizations and Identities
in SecurityNews
When departments independently adopt SaaS applications, the security team often loses visibility and control, making these environments highly vulnerable to attacks.
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/the-decentralized-saas-adoption-trend-why-this-poses-a-risk-to-organizations-and-identities/
-
EU enacts new laws to strengthen cybersecurity defenses and coordination
in SecurityNews
Tags: ai, compliance, cyber, cybersecurity, data, defense, framework, healthcare, infrastructure, law, network, penetration-testing, privacy, regulation, risk, service, soc, technology, threat, vulnerability
The European Union has enacted two new laws to bolster its cybersecurity defenses and coordination mechanisms. The measures, part of the cybersecurity legislative package, include the Cyber Solidarity Act and amendments to the Cybersecurity Act (CSA). These steps aim to improve the EU’s ability to detect, prepare for, and respond to cyber threats while fostering uniformity…
-
Cisco Warns of Attacks Exploiting Decade-Old ASA Vulnerability
in SecurityNews
Cisco has updated an advisory for CVE-2014-2120 to warn customers that the vulnerability has been exploited in the wild. The post Cisco Warns of Attacks Exploiting Decade-Old ASA Vulnerability appeared first on SecurityWeek.
First seen on securityweek.com Jump to article: www.securityweek.com/cisco-warns-of-attacks-exploiting-decade-old-asa-vulnerability/
-
Salesforce Applications Vulnerability Could Allow Full Account Takeover
in SecurityNews
A critical vulnerability has been discovered in Salesforce applications that could potentially allow a full account takeover. The vulnerability, uncovered during a penetration testing exercise, hinges on misconfigurations within Salesforce Communities, particularly exploiting the Salesforce Lightning component framework. The implications of this vulnerability are severe, affecting both data security and privacy. Attackers could gain access…
-
CERT-In Alerts Multiple Vulnerabilities in Drupal Expose Systems
in SecurityNews
The Indian Computer Emergency Response Team (CERT-In) issued a Vulnerability Note CIVN-2024-0353 highlighting several critical vulnerabilities within the widely used content management system (CMS), Drupal. The Drupal vulnerabilities, spanning versions from 7 to 11, have been
First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cert-in-alerts-drupal-vulnerabilities/
-
BootKitty Linux UEFI bootkit spotted exploiting LogoFAIL flaws
in SecurityNews
The ‘Bootkitty’ Linux UEFI bootkit exploits the LogoFAIL flaws (CVE-2023-40238) to target systems using vulnerable firmware. Cybersecurity researchers from ESET recently discovered the first UEFI bootkit designed to target Linux systems, called by its authors Bootkitty. The bootkit allows attackers to disable the kernel’s signature verification feature and to preload two as yet unknown ELF…
-
Upwind Raises $100M to Thwart Cloud Security Vulnerabilities
in SecurityNews
Firm Focuses on Runtime Context, AI Enhancements to Counter Evolving Cloud Threats. With $100 million in Series A funding, Upwind plans to strengthen its runtime and AI-powered cloud security platform. CEO Amiram Shachar outlines the company’s investments in engineering, customer engagement and scaling solutions to address vulnerabilities like misconfigurations and insecure APIs.
First seen on…