Tag: vulnerability
-
New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution
GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches. Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10. “An issue was discovered in GitLab EE…
-
Juniper: More than 30 security vulnerabilities patched
Juniper Networks has published more than 30 security advisories. The associated updates close vulnerabilities in Junos OS. First seen on heise.de Jump to article: www.heise.de/news/Juniper-Mehr-als-30-Sicherheitsluecken-gestopft-9977411.html
-
European Council Adopts Cyber Resilience Act
Act Imposes Mandatory Patching for IoT Devices. On Thursday the European Council adopted a security-by-design regulation that makes patching and vulnerability updates mandatory for connected devices. The regulation will ensure that products with digital components are made secure throughout the supply chain and throughout their lifecycle. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/european-council-adopts-cyber-resilience-act-a-26509
-
Vulnerability Prioritization the Magic 8 Ball
Last month marks 25 years of operation for the CVE (Common Vulnerabilities and Exposures) program, launched in September 1999. It’s difficult to imagine a world without CVEs. Much of the “vulnerability management” activity, before the CVE program became popular, relied on matching version numbers from remote scans and executing shady exploits found in dark places on…
-
Akira and Fog ransomware now exploit critical Veeam RCE flaw
Ransomware gangs now exploit a critical security vulnerability that lets attackers gain remote code execution (RCE) on vulnerable Veeam Backup & Replication (VBR) servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/akira-and-fog-ransomware-now-exploiting-critical-veeam-rce-flaw/
-
Remediation vs. Mitigation: The Choice Between Instant or Indirect Action
Organizations are constantly faced with the challenge of addressing vulnerabilities and threats to maintain a secure environment. Two common strategies to aid in this are remediation and mitigation, both of which aim to reduce risk but with different approaches and timelines. Understanding the distinction between these strategies, and knowing when to apply each, can be…
-
Several serious Palo Alto firewall hijacking vulnerabilities resolved
First seen on scworld.com Jump to article: www.scworld.com/brief/several-serious-palo-alto-firewall-hijacking-vulnerabilities-resolved
-
US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers
U.S. and U.K. cyber agencies warned today that APT29 hackers linked to Russia’s Foreign Intelligence Service (SVR) target vulnerable Zimbra and JetBrains TeamCity servers “at a mass scale.” First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-uk-warn-of-russian-apt29-hackers-targeting-zimbra-teamcity-servers/
-
NCSC issues fresh alert over wave of Cozy Bear activity
The NCSC, FBI and NSA publish an updated warning about Cozy Bear’s activities, highlighting a range of vulnerabilities the threat actor is using to set up its cyber attacks. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366613456/NCSC-issues-fresh-alert-over-wave-of-Cozy-Bear-activity
-
14,000 medical devices are online, unsecured and vulnerable
Censys cybersecurity researchers find medical devices, login portals, and health records floating online. First seen on cyberscoop.com Jump to article: cyberscoop.com/medical-devices-online-health-censys/
-
Flash Sales, Sneaker Drops, and Concert Tickets: Protecting Your Applications, APIs, and Bottom Line
Flash sales, hype sales, and online product launches like limited-edition sneakers generate interest, excitement, and high demand from customers, so naturally they have also become a target for cyberattacks. These events often involve high-value items, making them prime targets for malicious actors and their bot armies. Understanding application and API vulnerabilities and the…
-
Vulnerability Prioritization & the Magic 8 Ball
Vulnerability prioritization has evolved over the years. Several frameworks exist to help organizations make the right decisions when it comes to deciding which patches to apply and when. But are these better than a Magic 8 Ball? First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/vulnerability-prioritization-magic-8-ball
-
Trio of Ivanti CSA zero-day vulnerabilities under exploit threat
The latest round of exploitation follows more than three weeks of CVE disclosures involving various Ivanti products. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/ivanti-zero-day-vulnerabilities-exploitation/729354/
-
Firefox 131 Update Patches Exploited Zero-Day Vulnerability
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36458/Firefox-131-Update-Patches-Exploited-Zero-Day-Vulnerability.html
-
Mozilla Warns Of Firefox Zero-Day Actively Exploited In Cyber Attacks
A critical use-after-free vulnerability affecting Firefox and Firefox Extended Support Release (ESR) is being actively exploited in cyberattacks. With a CVSS base score of 9.8, the flaw is a use-after-free in the Animation timeline component, tracked as CVE-2024-9680 and reported by Damien Schaeffer from ESET. “An attacker was able to achieve code execution in the…
-
Check Point highlights vulnerabilities in the Linux CUPS system
Check Point customers are protected by CloudGuard, in particular against the remote code execution (RCE) that can be triggered through the vulnerability CVE-2024-47176. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-zeigt-schwachstellen-im-linux-cups-system-auf/a38580/
-
U.S. CISA adds Ivanti CSA and Fortinet bugs to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti CSA and Fortinet bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: This week, Fortinet addressed a critical flaw in FortiOS, tracked as CVE-2024-23113 (CVSS score 9.8). The issue if…
-
Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)
Mozilla has pushed out an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) that is being exploited in the wild. About … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/10/cve-2024-9680/
-
Microsoft addresses zero-day vulnerabilities
In the current Patch Tuesday update, Microsoft addresses five zero-day vulnerabilities, including two that are already being actively exploited. First seen on csoonline.com Jump to article: www.csoonline.com/de/a/microsoft-adressiert-zero-day-schwachstellen
-
Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems
Cybersecurity researchers are warning about an unpatched vulnerability in Nice Linear eMerge E3 access controller systems that could allow for the execution of arbitrary operating system (OS) commands. The flaw, assigned the CVE identifier CVE-2024-9441, carries a CVSS score of 9.8 out of a maximum of 10.0, according to VulnCheck. “A vulnerability in the Nortek Linear…
-
Critical security vulnerabilities uncovered in the Linux CUPS system
Check Point Software Technologies warns of serious security vulnerabilities in the Common Unix Printing System (CUPS). These vulnerabilities, uncovered by security researcher Simone Margaritelli (evilSocket), affect Linux environments and can lead to the execution of malicious code. The four vulnerabilities were made public after the developer team responded inadequately to responsible disclosure. Severity of the vulnerabilities and affected systems: The…
-
Secure Your World with Phishing Resistant Passkeys
Tags: access, apple, attack, authentication, awareness, banking, breach, business, cloud, compliance, cyber, cybersecurity, data, encryption, exploit, fido, finance, google, government, Hardware, healthcare, identity, login, mfa, microsoft, network, passkey, password, phishing, psychology, regulation, risk, service, soar, software, strategy, threat, tool, vulnerability. madhav, Thu, 10/10/2024 – 05:12. As we celebrate Cybersecurity Awareness Month 2024 with the theme “Secure Our World,” exploring innovative technologies is crucial to help us achieve this goal. One such advancement that’s revolutionizing online security and user authentication is passkeys. Passkeys represent a significant leap forward in…
-
Foxit PDF Reader Vulnerability Lets Attackers Execute Arbitrary Code
Researchers recently disclosed six new security vulnerabilities across various software products, including one critical vulnerability in Foxit PDF Reader, a widely used alternative to Adobe Acrobat. Through this memory corruption vulnerability, attackers could execute arbitrary code on the targeted machine. Additionally, three vulnerabilities were discovered in Veertu’s Anka…
-
CISA Warns of Fortinet and Ivanti Vulnerabilities Exploited in Attacks
Tags: attack, cisa, cve, cyber, cybersecurity, exploit, fortinet, infrastructure, ivanti, kev, risk, vulnerability. The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities Catalog, adding critical vulnerabilities from Fortinet and Ivanti. These vulnerabilities are actively exploited in the wild, posing significant risks to organizations worldwide. CISA urges immediate action to mitigate potential threats. Fortinet Multiple Products Format String Vulnerability (CVE-2024-23113): Fortinet’s suite of […]…
-
Mozilla issued an urgent Firefox update to fix an actively exploited flaw
Mozilla released an urgent Firefox update to fix a critical use-after-free vulnerability actively exploited in ongoing attacks. Mozilla released an emergency security update for its Firefox browser to address a critical use-after-free vulnerability, tracked as CVE-2024-9680, that is actively exploited in attacks. The vulnerability CVE-2024-9680 resides in Animation timelines. Firefox Animation Timelines is a feature…
-
Multiple VMware NSX Vulnerabilities Let Attackers Gain Root Access
VMware has disclosed multiple vulnerabilities in its NSX product line that could potentially allow attackers to gain root access. The vulnerabilities, identified as CVE-2024-38818, CVE-2024-38817, and CVE-2024-38815, affect both VMware NSX and VMware Cloud Foundation. According to the Broadcom report, the advisory, VMSA-2024-0020, was initially published on October 9, 2024, and highlights the moderate severity…
-
CISA Added Fortinet and Ivanti Vulnerabilities That Are Exploited in the Wild
Tags: cisa, cve, cyber, cybersecurity, exploit, fortinet, infrastructure, ivanti, kev, risk, vulnerability. The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities Catalog, adding critical vulnerabilities from Fortinet and Ivanti. These vulnerabilities are actively exploited in the wild, posing significant risks to organizations worldwide. CISA urges immediate action to mitigate potential threats. Fortinet Multiple Products Format String Vulnerability (CVE-2024-23113): Fortinet’s suite of […]…
-
Palo Alto fixed critical flaws in PAN-OS firewalls that allow for full compromise of the devices
Palo Alto fixed critical flaws in PAN-OS firewalls, warning that attackers could chain these vulnerabilities to hijack the devices. Palo Alto Networks addressed multiple vulnerabilities that an attacker can chain to hijack PAN-OS firewalls. The vulnerabilities reside in Palo Alto Networks’ Expedition solution, a migration tool designed to help organizations move configurations…
-
CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches
Tags: cisa, cisco, cve, cybersecurity, exploit, flaw, fortinet, infrastructure, kev, remote-code-execution, vulnerability. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to cases of remote code execution that affect FortiOS, FortiPAM, FortiProxy, and FortiWeb. “A… First seen on thehackernews.com
-
Microsoft’s October 2024 Patch Tuesday: Addressing 5 Zero-Days and 118 Vulnerabilities
On October 10, 2024, Microsoft released its latest round of security updates as part of the monthly Patch Tuesday. This month’s update addresses a total of 118 vulnerabilities, including five zero-days, two of which are actively being exploited. These vulnerabilities impact various Microsoft products, making it crucial for organizations to apply patches promptly and review…