Tag: vulnerability
-
Microsoft’s April 2025 bumper Patch Tuesday corrects 124 bugs
by
in SecurityNewsMicrosoft is correcting 124 vulnerabilities in its March Patch Tuesday, one of which is being actively exploited in the wild, and 11 of which are ‘critical’ First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366622332/Microsofts-April-2025-bumper-Patch-Tuesday-corrects-124-bugs
-
CrushFTP Vulnerability Sees Active Exploitation Amid Disclosure Controversy
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/crushftp-vulnerability-sees-active-exploitation-amid-disclosure-controversy
-
Microsoft Warns Ransomware Actors Exploiting Windows Flaw
by
in SecurityNewsTech Giant Says Threat Actors Are Exploiting a Flaw in Widely-Targeted Windows Tool. Ransomware threat actors are exploiting a zero-day vulnerability discovered in a highly targeted Windows logging system tool in a campaign in part targeting U.S. IT and real estate sectors, Microsoft confirmed in a Tuesday blog post urging customers to apply available patches.…
-
Windows CLFS Vulnerability Could Lead to ‘Widespread Deployment and Detonation of Ransomware’
by
in SecurityNewsMicrosoft warns CVE-2025-29824 lets attackers with user access escalate privileges to deploy ransomware via a flaw in Windows CLFS. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-microsoft-windows-common-log-file-system-vulnerability/
-
Critical Fortinet FortiSwitch flaw allows remote attackers to change admin passwords
by
in SecurityNewsFortinet addressed a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. Fortinet has released security updates to address a critical vulnerability, tracked as CVE-2024-48887 (CVSS score 9.8), in its FortiSwitch devices. A remote attacker can exploit the vulnerability to change administrator passwords. >>An unverified password change vulnerability [CWE-620]…
-
Exploited Windows zero-day addressed on April Patch Tuesday
by
in SecurityNewsMicrosoft delivers fixes for 121 vulnerabilities with 11 rated critical this month. Admins will have extra mitigation work to correct three flaws. First seen on techtarget.com Jump to article: www.techtarget.com/searchwindowsserver/news/366622229/Exploited-Windows-zero-day-addressed-on-April-Patch-Tuesday
-
Patch Tuesday Update April 2025
by
in SecurityNewsIn total, including third-party CVEs, in this Patch Tuesday edition, Microsoft published 134 CVEs, including 9 republished CVEs. Overall, Microsoft announced one Zero-Day, 11 Critical, and 113 Important vulnerabilities. From an Impact perspective, Escalation of Privilege (EoP) vulnerabilities accounted for 39%, followed by Remote Code Execution (RCE) at 28% and Information Disclosure (ID) at 13%….…
-
Google launches unified enterprise security platform, announces AI security agents
by
in SecurityNewsCloud security enhancements: The Google Cloud Platform (GCP) Security Command Center will gain new capabilities for protecting cloud workloads, especially those related to AI model use.Model Armor, a feature that’s part of GCP’s existing AI Protection service, will allow customers to apply content safety and security controls to prompts that are sent to self-hosted AI…
-
Fortinet FortiSwitch Unverified Password Change Vulnerability (CVE-2024-48887)
by
in SecurityNewsSummary On April 8, 2025, Fortinet disclosed a critical vulnerability affecting multiple versions of FortiSwitch, tracked asCVE-2024-48887. This vulnerability is anunverified password change vulnerabilityin the First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2025/04/09/fortinet-fortiswitch-unverified-password-change-vulnerability-cve-2024-48887/
-
Critical FortiSwitch flaw lets hackers change admin passwords remotely
by
in SecurityNewsFortinet has released security patches for a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-fortiswitch-flaw-lets-hackers-change-admin-passwords-remotely/
-
Outlook 2016: Kalender-Zugriff nach April 2025-Update KB5002700 gesperrt
by
in SecurityNewsZum 8. April 2025 hat Microsoft das Office-Update KB5002700 veröffentlicht, um eine Reihe Schwachstellen in Microsoft Office 2016 zu schließen. Nach Installation dieses Updates ist kein Zugriff auf dem Kalender mehr möglich. Es gibt aber einen schnellen Workaround, einfach die … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/09/outlook-2016-kalender-zugriff-nach-april-2025-update-kb5002700-gesperrt/
-
Microsoft Security Update Summary (8. April 2025)
by
in SecurityNewsMicrosoft hat am 8. April 2025Sicherheitsupdates für Windows-Clients und -Server, für Office sowie für weitere Produkte veröffentlicht. Die Sicherheitsupdates beseitigen 121 Schwachstellen (CVEs), eine davon wurde als 0-day klassifiziert. Diese Schwachstelle wurde bereits angegriffen. Nachfolgend findet sich ein … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/09/microsoft-security-update-summary-8-april-2025/
-
Patchday: Windows 10/11 Updates (8. April 2025)
by
in SecurityNewsAm 8. April 2025 (zweiter Dienstag im Monat, Patchday bei Microsoft) hat Microsoft kumulative Updates für die noch unterstützten Client-Betriebssystem-Versionen von Windows 10 und Windows 11 veröffentlicht. Hier einige Details zu diesen Updates, die Schwachstellen sowie Probleme beheben sollen. Updates … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/04/09/patchday-windows-10-11-updates-8-april-2025/
-
ICS Patch Tuesday: Vulnerabilities Addressed by Rockwell, ABB, Siemens, Schneider
by
in SecurityNewsIndustrial giants Siemens, Rockwell, Schneider and ABB have released their March 2025 Patch Tuesday ICS security advisories. The post ICS Patch Tuesday: Vulnerabilities Addressed by Rockwell, ABB, Siemens, Schneider appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/ics-patch-tuesday-vulnerabilities-addressed-by-rockwell-abb-siemens-schneider/
-
CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days
by
in SecurityNewsCISA has added fresh CentreStack and Windows CLFS vulnerabilities to the Known Exploited Vulnerabilities catalog. The post CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cisa-urges-urgent-patching-for-exploited-centrestack-windows-zero-days/
-
New Mirai Botnet Variant Exploits TVT DVRs to Gain Admin Control
by
in SecurityNewsGreyNoise has noted a sharp escalation in hacking attempts targeting TVT NVMS9000 Digital Video Recorders (DVRs). The surge in malicious activity, peaking on April 3, 2025, with over 2,500 unique IP addresses, suggests a new variant of the notorious Mirai botnet is at play, exploiting an information disclosure vulnerability to seize administrative control over these…
-
Whatsapp plugs bug allowing RCE with spoofed filenames
by
in SecurityNewsWhatsapp makes for a popular attack vector: Whatsapp has been frequently targeted in the past for its popularity as an encrypted chatting platform. With over 10 billion downloads on Google Play Store alone, the platform makes for a lucrative target for threat actors.A similar security oversight was reported in July 2024 to be affecting the…
-
U.S. CISA adds Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws, respectively tracked as CVE-2025-30406 and CVE-2025-29824, to its…
-
Windows Kerberos Vulnerability Enables Security Feature Bypass
by
in SecurityNewsMicrosoft has disclosed a new security vulnerability in Windows operating systems, tracked as CVE-2025-29809. This flaw, classified withImportantseverity, impacts the Kerberos authentication protocol, potentially enabling attackers to bypass critical security features. The vulnerability stems from weaknesses described underCWE-922: Insecure Storage of Sensitive Information, making it a pressing concern for organizations relying on Kerberos for secure authentication.…
-
Is HR running your employee security training? Here’s why that’s not always the best idea
by
in SecurityNews
Tags: attack, awareness, best-practice, breach, business, ciso, communications, compliance, cyber, cybersecurity, data, finance, guide, healthcare, privacy, resilience, risk, security-incident, service, threat, training, vulnerabilityHR doesn’t have specialized security knowledge: Another limitation is that an organization’s security training can be a component in maintaining certain certifications, compliance, contractual agreements, and customer expectations, according to Hughes.”If that’s important to your organization, then security, IT, and compliance teams will know the subjects to cover and help guide in the importance of…
-
WhatsApp vulnerability could be used to infect Windows users with malware (CVE-2025-30401)
by
in SecurityNewsWhatsApp users are urged to update the Windows client app to plug a serious security vulnerability (CVE-2025-30401) that may allow attackers to trick users into running … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/09/whatsapp-vulnerability-windows-cve-2025-30401/
-
Hellcat Ransomware Upgrades Arsenal to Target Government, Education, and Energy Sectors
by
in SecurityNews
Tags: attack, cyber, cybersecurity, exploit, government, group, phishing, ransomware, service, spear-phishing, tactics, vulnerability, zero-dayThe cybersecurity community has raised alarms over the rapid evolution of the Hellcat ransomware group, which has escalated its tactics to target critical sectors. Hellcat, which emerged in mid-2024, now employs a sophisticated blend of psychological manipulation, zero-day vulnerabilities, and Ransomware-as-a-Service (RaaS) to expand its influence. Spear Phishing and Zero-day Exploits Hellcat operators initiate attacks…
-
Microsoft Warns of Ransomware Attacks Exploiting CVE-2025-29824 Zero-Day
by
in SecurityNewsOn April 8, 2025, Microsoft released its monthly security updates, addressing a total of 121 vulnerabilities across various products. Among these, CVE-2025-29824, a zero-day vulnerability in the Windows Common Log File System (CLFS) Driver, has been actively exploited in ransomware… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2025-29824-zero-day-ransomware-attacks/
-
RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406)
by
in SecurityNewsA critical RCE vulnerability (CVE-2025-30406) affecting the Gladinet CentreStack file-sharing/remote access platform has been added to CISA’s Known Exploited … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/09/rce-gladinet-centrestack-file-sharing-exploited-cve-2025-30406/
-
Achtung Sicherheitslücke: Exploit Kits und andere Gefahren
by
in SecurityNewsSchwachstellen in Software und Hardware sind ein wichtiges Thema in der Auseinandersetzung mit IT-Sicherheit. Wie ihr in unserem Bericht über die Bedrohungstrends für Unternehmen im Jahr 2015 nachlesen könnt, zählen Sicherheitslücken zu den zentralen Bedrohungen in diesem Jahr. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2015/04/07/achtung-sicherheitslucke-exploit-kits-und-andere-gefahren/
-
Fortinet Patches Critical FortiSwitch Vulnerability
by
in SecurityNewsFortinet fixes a critical-severity bug in FortiSwitch that could allow an attacker to modify administrative passwords. The post Fortinet Patches Critical FortiSwitch Vulnerability appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/fortinet-patches-critical-fortiswitch-vulnerability/
-
NIST Deprioritizes Pre-2018 CVEs as Backlog Struggles Continue
by
in SecurityNewsNIST, which for more than a year has been struggling to address a backlog of CVEs in its database following budget cuts, is now putting pre-2018 vulnerabilities on the back burner to give itself more time to address the rapidly growing number of new software security flaws. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/nist-deprioritizes-pre-2018-cves-as-backlog-struggles-continue/
-
Vulnerabilities Patched by Ivanti, VMware, Zoom
by
in SecurityNewsIvanti, VMware, and Zoom released fixes for dozens of vulnerabilities in their products on April 2025 Patch Tuesday. The post Vulnerabilities Patched by Ivanti, VMware, Zoom appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/vulnerabilities-patched-by-ivanti-vmware-zoom/
-
CentreStack RCE exploited as zero-day to breach file sharing servers
by
in SecurityNewsHackers exploited a vulnerability in Gladinet CentreStack’s secure file-sharing software as a zero-day since March to breach storage servers First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/centrestack-rce-exploited-as-zero-day-to-breach-file-sharing-servers/