Tag: vulnerability
-
Security Advisory: CVE-2024-45519
by
in SecurityNewsSummary CVE-2024-45519 is a critical security vulnerability discovered in the postjournal service of Zimbra Collaboration Suite, a popular email and c… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2024/10/02/security-advisory-cve-2024-45519/
-
Kubernetes Image Builder Vulnerabilities
by
in SecurityNewsSummary Recently released were two vulnerabilities, CVE-2024-9486 (CVSS 9.8) and CVE-2024-9594 (CVSS 6.3), that impact the Kubernetes Image Builder. T… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2024/10/17/kubernetes-image-builder-vulnerabilities/
-
Splunk Enterprise Multiple Vulnerabilities for RCE
by
in SecurityNewsSummary Splunk has disclosed several high-severity vulnerabilities in Splunk Enterprise and Splunk Cloud Platform, which allowattackers to execute rem… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2024/10/16/splunk-enterprise-multiple-vulnerabilities-for-rce/
-
Blind SSRF to RCE Vulnerability Exploitation
by
in SecurityNewsFirst seen on resecurity.com Jump to article: www.resecurity.com/blog/article/blind-ssrf-to-rce-vulnerability-exploitation
-
regreSSHion Vulnerability: CVE-2024-6387 in OpenSSH
by
in SecurityNewsid=introduction>Introduction OpenSSH stands as a cornerstone for secure remote administration. However, recent findings have found a vulnerability… First seen on thefinalhop.com Jump to article: www.thefinalhop.com/regresshion-vulnerability-cve-2024-6387-in-openssh/
-
Vulnerabilities in E-Commerce Solutions – Hunting on Big Apples
by
in SecurityNewsFirst seen on resecurity.com Jump to article: www.resecurity.com/blog/article/vulnerabilities-in-e-commerce-solutions-hunting-on-big-apples
-
LogoKit update The phishing kit leveraging Open Redirect Vulnerabilities
by
in SecurityNewsFirst seen on resecurity.com Jump to article: www.resecurity.com/blog/article/logokit-update-the-phishing-kit-leveraging-open-redirect-vulnerabilities
-
RomCom nutzt Firefox und WindowsDay-Schwachstellen aus
by
in SecurityNewsESET Forscher finden bisher unbekannte Sicherheitslücke in Mozilla-Produkten und eine weitere Schwachstelle in Microsoft Windows, die in einem Zero-Click-Exploit kombiniert wurde First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/eset-research/romcom-nutzt-firefox-und-windows-zero-day-schwachstellen-aus/
-
CVE-2023-48022: ShadowRay Flaw a Critical Threat to AI Infrastructure
by
in SecurityNewsThe Oligo research team recently uncovered an ongoing attack campaign, dubbed ShadowRay, targeting a vulnerability in Ray, a widely utilized open-sour… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2023-48022-shadowray/
-
CVE-2024-21388 Enables Silent Installation of Malicious Extensions
by
in SecurityNewsA recently patched security vulnerability in Microsoft Edge could have allowed malicious actors to stealthily install arbitrary extensions on users’ s… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2024-21388-edge-flaw/
-
CVE-2024-28085: Linux Flaw Could Leak Passwords
by
in SecurityNewsA recently identified vulnerability affecting the >>wall
-
HTTP/2 Flaw Puts Web Servers at Risk of DoS Attacks [CVE-2024-27983]
by
in SecurityNewsA new research conducted by security expert Bartek Nowotarski has unearthed a potential vulnerability in the HTTP/2 protocol. Known as the CONTINUATIO… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/http2-flaw-dos-attacks-cve-2024-27983/
-
Atlassian Vulnerability Used to Deploy Linux Variant of Cerber Ransomware
by
in SecurityNewsThreat actors are exploiting critical vulnerabilities in Atlassian servers to deploy a Linux variant of Cerber ransomware. This exploitation, centered… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/atlassian-vulnerability-cerber-ransomware/
-
CVE-2024-5035: Critical Flaw in TP-Link Archer C5400X Gaming Router
by
in SecurityNewsSecurity researchers identified a critical security vulnerability in the TP-Link Archer C5400X gaming router, which could easily allow remote code exe… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2024-5035-tp-link-archer-c5400x/
-
Over a Million Domains Vulnerable to Sitting Ducks DNS Attack
by
in SecurityNewsA new type of DNS attack puts millions of domains at risk of malware and hijacking, a recent report finds. A joint analysis by Infoblox and Eclypsium … First seen on sensorstechforum.com Jump to article: sensorstechforum.com/sitting-ducks-attack-vulnerable-domains/
-
CVE-2024-38193 Exploited by Lazarus Group in Targeted Attacks
by
in SecurityNewsA newly patched security vulnerability in Microsoft Windows has been actively exploited by the Lazarus Group, a notorious state-sponsored hacking grou… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2024-38193-lazarus-group/
-
Hackers Can Secretly Access ThinkPad Webcams by Disabling LED Indicator Light
by
in SecurityNewsIn a presentation at the POC 2024 conference, cybersecurity expert Andrey Konovalov revealed a novel method for covertly disabling the LED indicator of the ThinkPad X230’s webcam, highlighting ongoing vulnerabilities in USB-connected devices. Like many laptops, the ThinkPad X230 has a built-in webcam that connects via USB. During his presentation, Konovalov detailed his journey of…
-
Windows Server 2012: Inoffizieller 0patch-Fix für MoW 0-day-Schwachstelle
by
in SecurityNewsACROS Security hat einen Fix für eine bisher unbekannte 0-day-Schwachstelle in der Mark of the Web-Sicherheitsfunktion von Windows Server 2012 und Server 2012 R2 entwickelt. Der Fix steht Kunden über einen 0patch Micro-Patch zur Verfügung und ermöglicht die betreffenden Installationen … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/11/30/windows-server-2012-inoffizieller-0patch-fix-fuer-mow-0-day-schwachstelle/
-
New Windows Server 2012 zero-day gets free, unofficial patches
by
in SecurityNewsFree unofficial security patches have been released through the 0patch platform to address a zero-day vulnerability introduced over two years ago in the Windows Mark of the Web (MotW) security mechanism. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-windows-server-2012-zero-day-gets-free-unofficial-patches/
-
Warning: Patch Advantech Industrial Wireless Access Points
by
in SecurityNewsResearchers Discover 20 Critical Flaws Attackers Could Exploit in a Variety of Ways. Researchers identified 20 critical vulnerabilities in a type of Advantech industrial-grade wireless access point that’s widely deployed across critical infrastructure environments. Attackers could exploit the flaws to remotely executive code and create denials of service. First seen on govinfosecurity.com Jump to article:…
-
DoS und Spoofing möglich – Kritische Schwachstellen in PHP gefährden Webseiten
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsupdates-php-entwickler-cve-2024-1874-a-8c4147f7ee335ada0705513bdb99a408/
-
Critical ICS Vulnerabilities Discovered in Schneider Electric, mySCADA, and Automated Logic Products
by
in SecurityNewsA recent Cyble ICS vulnerabilities report sheds light on several critical vulnerabilities in industrial control systems (ICS) from major vendors including Schneider Electric, mySCADA, and Automated Logic. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/ics-vulnerabilities-reported-this-week/
-
600,000+ Sensitive Records Exposed From Background Checks Service Provider
by
in SecurityNewsA publicly exposed database has left the sensitive information of hundreds of thousands of individuals vulnerable to potential misuse. Not protected by passwords or encryption, the database contained 644,869 PDF files, totaling 713.1 GB, exposing a treasure trove of personal information. The data, mostly labeled as >>background checks,
-
Popular game script spoofed to infect thousands of game developers
by
in SecurityNewsA malware loader, now named GodLoader, has been observed to be using Godot, a free and open-source game engine, as its runtime to execute malicious codes and has dropped known malware on at least 17,000 machines.Unaware users of the engine, which helps create 2D and 3D games and deploy them across various platforms including Windows,…
-
Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks
by
in SecurityNewsMicrosoft has addressed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center offerings, including one that it said has been exploited in the wild.The vulnerability that has been tagged with an “Exploitation Detected” assessment is CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw in partner.microsoft[.]com.”An First seen on thehackernews.com…
-
Zyxel Firewalls Targeted by Helldown Ransomware: CVE-2024-11667 Exploited
by
in SecurityNewsZyxel Firewalls have become a key target in recent cyberattacks, with attackers exploiting a critical vulnerability to deploy the dangerous Helldown ransomware. The German CERT (CERT-Bund) has issued a warning alongside Zyxel detailing the extent of these attacks and outlining immediate steps that organizations must take to protect their network devices. First seen on thecyberexpress.com…
-
Acronis: Diese Cyber-Bedrohungen werden sich in 2025 verschärfen
by
in SecurityNewsBei der Untersuchung der diesjährigen Entwicklungen wird deutlich, dass Cyberkriminelle ihre Angriffsvektoren immer weiter verfeinern, was auf eine Kombination aus technologischen Fortschritten und einem tieferen Verständnis der Schwachstellen von Unternehmen zurückzuführen ist. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/acronis-diese-cyber-bedrohungen-werden-sich-in-2025-verschaerfen/a39093/
-
Sicherheitsrisiken in Cloud-Umgebungen – Schwachstellen-Kombination macht Angriffe wahrscheinlicher
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/cloud-risk-report-2024-risiken-cloud-umgebungen-a-31b29d1ebdec694b8ecf4775de1dc86c/
-
Zyxel Firewall Vulnerability Actively Exploited in Attacks
by
in SecurityNewsZyxel has announced awareness of active exploitation attempts by threat actors targeting their firewall products. This follows a detailed report by cybersecurity firm Sekoia highlighting vulnerabilities previously disclosed in Zyxel’s systems. The company has responded swiftly to these potential threats, aiming to safeguard its users through vital firmware updates and security enhancements. CVE-2024-11667: The Vulnerability…