Tag: vulnerability
-
Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections
by
in SecurityNewsCybersecurity researchers have uncovered a new malicious campaign that leverages a technique called Bring Your Own Vulnerable Driver (BYOVD) to disarm security protections and ultimately gain access to the infected system.”This malware takes a more sinister route: it drops a legitimate Avast Anti-Rootkit driver (aswArPot.sys) and manipulates it to carry out its destructive agenda,” Trellix…
-
Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely
by
in SecurityNewsCritical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content management solution. The vulnerability, rated with a CVSS v3.1 Base Score of 9.8 (Critical), could allow attackers to execute arbitrary code on affected servers. This exploit leverages vulnerabilities inherent to the .NET Remoting service used by Enterprise Vault. The Nature…
-
Blackduck Software Vulnerability Snapshot 2024 – Tausende Schwachstellen in Softwareanwendungen
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/cybersicherheit-risiken-handlungsbedarf-unternehmen-2024-a-9f5ce3661198e12519fba1c7442150cd/
-
7-Zip RCE Vulnerability Let Attackers Execute Remote Code
by
in SecurityNewsA critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing attackers to execute arbitrary code remotely. The flaw, identified as CVE-2024-11477, has been attributed to an integer underflow in the Zstandard decompression implementation, which could lead to remote code execution (RCE). CVE-2024-11477 Vulnerability Details The vulnerability, CVE-2024-11477 discovered by […]…
-
Sicherheitsupdates für Drupal: Schadcode-Attacken auf Webbrowser möglich
by
in SecurityNewsDie Entwickler von Drupal haben in ihrem Content Management System mehrere Schwachstellen geschlossen. First seen on heise.de Jump to article: www.heise.de/news/Sicherheitsupdates-fuer-Drupal-Schadcode-Attacken-auf-Webbrowser-moeglich-10146419.html
-
Hackers abuse Avast anti-rootkit driver to disable defenses
by
in SecurityNewsA new malicious campaign is using a legitimate but old and vulnerable Avast Anti-Rootkit driver to evade detection and take control of the target system by disabling security components. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-abuse-avast-anti-rootkit-driver-to-disable-defenses/
-
NotLockBit Ransomware, Embargo Ransomware, Emennet Pasargad, and More: Hacker’s Playbook Threat Coverage Round-up: November 2024
by
in SecurityNewsNew and updated coverage for Windows Downdate Attacks, Quick Share Vulnerability Exploit, MagicRAT, and More First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/notlockbit-ransomware-embargo-ransomware-emennet-pasargad-and-more-hackers-playbook-threat-coverage-round-up-november-2024/
-
Fortinet discloses critical zero-day flaw in FortiManager
by
in SecurityNewsAccording to Fortinet, the FortiManager vulnerability ‘may allow a remote unauthenticated attacker to execute arbitrary code or commands via specially… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366614476/Fortinet-discloses-critical-zero-day-flaw-in-FortiManager
-
MSSP Market Update: Google’s AI Boost Identifies 26 New Vulnerabilities in Open-Source Projects
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/mssp-market-update-googles-ai-boost-identifies-26-new-vulnerabilities-in-open-source-projects
-
Google’s AI-powered fuzzing tool discovers 26 new vulnerabilities
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/googles-ai-powered-fuzzing-tool-discovers-26-new-vulnerabilities
-
Leaky Cybersecurity Holes Put Water Systems at Risk
by
in SecurityNewsAt least 97 major water systems in the US have serious cybersecurity vulnerabilities and compliance issues, raising concerns that cyberattacks could disrupt businesses, industry, and the lives of millions of citizens. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/leaky-cybersecurity-holes-water-systems-risk
-
Over Half of Top Routinely Exploited Vulnerabilities in 2023 Affected Network Devices and Infrastructure
by
in SecurityNewsOver half of the most routinely exploited vulnerabilities worldwide in 2023 affected network devices and infrastructure, according to a cybersecurity advisory issued by CISA and other international cybersecurity agencies in November, 2024. Furthermore, the majority of the routinely exploited vulnerabilities were “initially exploited as a zero-day” which was a change from 2022, when the majority……
-
Operation Lunar Peek: More Than 2,000 Palo Alto Network Firewalls Hacked
by
in SecurityNewsThe Shadowserver Foundation reports over 2,000 Palo Alto Networks firewalls have been hacked via two zero-day vulnerabilities: CVE-2024-0012… First seen on hackread.com Jump to article: hackread.com/operation-lunar-peek-palo-alto-firewalls-hacked/
-
Zero Days Top Cybersecurity Agencies’ Most-Exploited List
by
in SecurityNewsCybersecurity Officials Urge to Prioritize Fixing These 15 Most-Exploited Flaws. Which vulnerabilities need fixing first to best block nation-state and other hacking attempts? Enter the latest Five Eyes intelligence partnership list of the 15 flaws most targeted by attackers, of which 11 were zero-days. Many organizations have yet to patch them all. First seen on…
-
Google AI Tool Finds 26 Bugs in Open-Source Projects
by
in SecurityNewsOne Vulnerability Had Been Undiscovered for Two Decades, Researchers Said. Google researchers used an AI-powered fuzzing tool to identify 26 vulnerabilities in open-source code repositories, some of which had been lurking undiscovered for several decades. Each was found with AI, using AI-generated and enhanced fuzz targets, Google said. First seen on govinfosecurity.com Jump to article:…
-
China’s DeepSeek Aims to Rival OpenAI’s ‘Reasoning’ Model
by
in SecurityNewsDeepSeek-R1 Struggles with Logic Tests and Is Vulnerable to Jailbreaks. Chinese artificial intelligence research company DeepSeek, funded by quantitative trading firms, introduced what it says is one of the first reasoning models to rival OpenAI o1. Reasoning models engage in self-fact checking and perform multi-step reasoning tasks. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinas-deepseek-aims-to-rival-openais-reasoning-model-a-26883
-
Schlimmsten-Liste: CISA veröffentlicht die Top 25 Softwarelücken des Jahres
by
in SecurityNewsDie US-Behörde CISA und Mitre haben die Top 25 der gefährlichsten Software-Schwachstellen des Jahres 2024 veröffentlicht. First seen on heise.de Jump to article: www.heise.de/news/Software-Schwachstellen-CISA-veroeffentlicht-die-Top-25-des-Jahres-2024-10107064.html
-
Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps
by
in SecurityNews
Tags: access, advisory, ai, application-security, attack, backup, best-practice, breach, cisa, cloud, computer, cve, cyber, cyberattack, cybercrime, cybersecurity, data, exploit, extortion, firewall, framework, governance, government, group, guide, Hardware, incident, incident response, infrastructure, injection, intelligence, Internet, LLM, malicious, microsoft, mitigation, mitre, monitoring, network, nist, office, open-source, powershell, privacy, ransomware, regulation, risk, risk-management, russia, service, skills, software, sql, strategy, supply-chain, tactics, technology, theft, threat, tool, update, vulnerability, vulnerability-management, windowsDon’t miss OWASP’s update to its “Top 10 Risks for LLMs” list. Plus, the ranking of the most harmful software weaknesses is out. Meanwhile, critical infrastructure orgs have a new framework for using AI securely. And get the latest on the BianLian ransomware gang and on the challenges of protecting water and transportation systems against…
-
Software-Schwachstellen: CISA veröffentlicht die Top 25 des Jahres 2024
by
in SecurityNewsDie US-Behörde CISA und Mitre haben die Top 25 der gefährlichsten Software-Schwachstellen des Jahres 2024 veröffentlicht. First seen on heise.de Jump to article: www.heise.de/news/Software-Schwachstellen-CISA-veroeffentlicht-die-Top-25-des-Jahres-2024-10107064.html
-
Russian TAG-110 Hacked 60+ Users With HTML Loaded Python Backdoor
by
in SecurityNewsThe Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central Asia, East Asia, and Europe by deploying custom malware, HATVIBE and CHERRYSPY, to compromise government entities, human rights groups, and educational institutions. Initial access is typically gained through phishing or exploiting vulnerable web services, as the campaign’s goal is to…
-
Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations
by
in SecurityNewsEarth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India, Taiwan, and Japan, leveraging spear-phishing and exploiting vulnerabilities in public-facing applications like SSL-VPN and file storage services. The group has deployed various backdoors, including Cobalt Strike, LODEINFO, and the newly discovered NOOPDOOR, to maintain persistent access to compromised networks, which…
-
Mobilize Like Your Organization Depended On It
by
in SecurityNewsExplore how seamless integration, automation, and collaboration drive effective vulnerability remediation to protect your organization in real-time. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/mobilize-like-your-organization-depended-on-it/
-
In Other News: Nvidia Fixes Critical Flaw, Chinese Linux Backdoor, New Details in WhatsApp-NSO Lawsuit
by
in SecurityNewsNoteworthy stories that might have slipped under the radar: Nvidia fixes vulnerability with rare ‘critical’ severity, Chinese APT’s first Linux backdoor, new details emerge from the WhatsApp-NSO lawsuit. The post In Other News: Nvidia Fixes Critical Flaw, Chinese Linux Backdoor, New Details in WhatsApp-NSO Lawsuit appeared first on SecurityWeek. First seen on securityweek.com Jump to…
-
U.S. CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: apple, cisa, cve, cybersecurity, exploit, infrastructure, kev, oracle, update, vulnerability, zero-dayU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: This week, Apple released security updates for two zero-day vulnerabilities, tracked as CVE-2024-44309 and CVE-2024-44308, in iOS, iPadOS,…
-
JFrog zeigt proaktive Schritte gegen Schwachstelle im userinfo-Segment
by
in SecurityNewsCVE-2024-10524 verdeutlicht eindrucksvoll die Risiken, die selbst in etablierten Softwareabhängigkeiten schlummern, und betont die Notwendigkeit gründlicher Sicherheitsprüfungen auch für vertrauenswürdige Tools. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-zeigt-proaktive-schritte-gegen-schwachstelle-im-userinfo-segment/a39040/
-
400,000 Systems Potentially Exposed to 2023’s Most Exploited Flaws
by
in SecurityNewsVulnCheck finds hundreds of thousands of internet-accessible hosts potentially vulnerable to 2023’s top frequently exploited flaws. The post 400,000 Systems Potentially Exposed to 2023’s Most Exploited Flaws appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/400000-systems-potentially-exposed-to-2023s-most-exploited-flaws/
-
Programmiersprache Rust: AWS-Wettbewerb für mehr Sicherheit der Standard-Library
by
in SecurityNewsMittels Crowdsourcing will AWS die Standard-Library von Rust auf Schwachstellen und undefiniertes Verhalten untersuchen. First seen on heise.de Jump to article: www.heise.de/news/Amazon-Web-Services-gibt-Geld-fuer-mehr-Sicherheit-der-Standard-Library-von-Rust-10097801.html
-
CERT-In Flags Critical Vulnerabilities in Zoom: Update Your Apps Now
by
in SecurityNewsThe Indian Computer Emergency Response Team (CERT-In) has issued a detailed security advisory about multiple vulnerabilities found in the popular video conferencing application, Zoom. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cert-in-advisory-for-zoom-vulnerabilities/
-
MITRE Unveils Top 25 Most Critical Software Flaws
by
in SecurityNewsThe 25 most dangerous software weaknesses between June 2023 and June 2024 are responsible for almost 32,000 vulnerabilities First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/mitre-unveils-top-25-software-flaws/
-
SentinelOne AI-SPM detects misconfigurations and vulnerabilities in AI applications
by
in SecurityNewsSentinelOne announced new AI security posture management (AI-SPM) capabilities to protect and secure the use of AI services in the workplace. Built on SentinelOne’s … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/22/sentinelone-ai-spm/