Tag: vulnerability
-
Security researchers find deep flaws in CVSS vulnerability scoring system
by
in SecurityNewsThe industrywide method for assessing the severity of vulnerabilities in software and hardware needs to be revised because it provides potential misleading severity assessment, delegates at Black Hat Europe were told Thursday.The Common Vulnerability Scoring System (CVSS) makes use of various metrics to quantify vulnerability severity. A presentation at Black Hat by cybersecurity experts from…
-
Europol shutters 27 DDoS sites in major crackdown
by
in SecurityNews
Tags: attack, crime, cybercrime, ddos, defense, finance, hacker, infrastructure, international, iot, network, vulnerabilityEuropol has announced that it has carried out a major crackdown on cybercriminal actors in cooperation with the police authorities in 15 countries as part of an ongoing international crackdown known as PowerOFF.Included in the effort are the Australian Federal Police, the UK’s National Crime Agency, and the US Department of Justice, Federal Bureau of Investigation, Homeland…
-
Microsoft Windows ‘Best Fit’ character conversion ‘ripe for exploitation’
by
in SecurityNews
Tags: api, application-security, attack, cve, exploit, flaw, injection, malicious, microsoft, mitigation, office, programming, software, switch, technology, tool, vulnerability, windowsSecurity researchers have outlined a novel attack vector that exploits the “Best Fit” character conversion technology built into Windows.The technology comes into play in string conversions, particularly when characters cannot be directly represented in a target character set.However, application security experts Orange Tsai and Splitline Huang from Taiwanese firm DEVCORE used a presentation at Black…
-
Hackers Exploiting Cleo Software Zero-Day
by
in SecurityNewsAttackers Target Managed File Transfer Software Vulnerabilities. File transfer software made by Cleo Communications is under active attack and a patch meant to stymie hackers doesn’t fix the flaw, say security researchers from Huntress. Hackers exploit an arbitrary file-write vulnerability along with a feature that automatically executes files. First seen on govinfosecurity.com Jump to article:…
-
KeyTrap DNSSEC: The day the internet (almost) stood still
by
in SecurityNews
Tags: attack, cyberattack, cybersecurity, data, dns, email, exploit, germany, google, Internet, mitigation, service, software, technology, vulnerabilityA severe vulnerability in the internet lookup protocol DNSSEC carried the potential to make much of the web functionally inaccessible for many, according to a presentation at Black Hat Europe.DNSSEC (Domain Name System Security Extensions) offers mitigation against various types of cyberattacks, including DNS spoofing and cache poisoning, by providing a way to cryptographically authenticate…
-
Cleo patches zero-day exploited by ransomware gang
by
in SecurityNewsCleo has released a security patch to address the critical vulnerability that started getting exploited while still a zero-day to breach internet-facing Cleo Harmony, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/12/cleo-patches-zero-day-exploited-by-ransomware-gang/
-
‘Sesam, öffne dich” Team82 entdeckt Schwachstellen im Cloud-Management von Ruijie Networks
by
in SecurityNewsDie Sicherheitsforscher von Team82, der Forschungsabteilung des Spezialisten für die Sicherheit von cyberphysischen Systemen (CPS) Claroty, haben insgesamt zehn Schwachstellen in der Reyee-Cloud-Management-Plattform des chinesischen Netzwerkanbieters Ruijie Networks entdeckt. Dadurch war es Angreifern möglich, auf jedem mit der Cloud verbundenen Gerät Code auszuführen und damit Zehntausende Geräte zu kontrollieren. Darüber hinaus haben die Sicherheitsforscher einen…
-
Sechs Sicherheitslücken in SAG Sonicwall behebt Schwachstellen in Firewall und Firmware
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/sonicwall-firewalls-angriffe-schutzmassnahmen-cve-2024-40766-a-fb6be1e1993f9f52f8ca402442ac8faf/
-
Researchers find security flaws in Skoda cars that may let hackers remotely track them
by
in SecurityNewsSecurity researchers have discovered multiple vulnerabilities in the infotainment units used in some Skoda cars that could allow malicious actors to remotely trigger certain controls and track the cars’ location in real time. PCAutomotive, a cybersecurity firm specializing in the automotive sector, unveiled 12 new security vulnerabilities impacting the latest model of the Skoda Superb…
-
Cleo Patches Exploited Flaw as Security Firms Detail Malware Pushed in Attacks
by
in SecurityNewsCleo has released patches for the exploited vulnerability and security firms have detailed the malware delivered in attacks. The post Cleo Patches Exploited Flaw as Security Firms Detail Malware Pushed in Attacks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cleo-patches-exploited-flaw-as-security-firms-detail-malware-pushed-in-attacks/
-
Cleo 0-day Vulnerability Exploited to Deploy Malichus Malware
by
in SecurityNewsCybersecurity researchers have uncovered a sophisticated exploitation campaign involving a zero-day (0-day) vulnerability in Cleo file transfer software platforms. This campaign has been used to deliver a newly identified malware family, now dubbed “Malichus.” The threat, recently analyzed by Huntress and corroborated by other industry vendors, demonstrates significant technical complexity, raising alarms across the cybersecurity…
-
Hunk Companion, WP Query Console Vulnerabilities Chained to Hack WordPress Sites
by
in SecurityNewsTwo vulnerabilities in the Hunk Companion and WP Query Console WordPress plugins allow attackers to backdoor websites. The post Hunk Companion, WP Query Console Vulnerabilities Chained to Hack WordPress Sites appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/hunk-companion-wp-query-console-vulnerabilities-chained-to-hack-wordpress-sites/
-
WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins
by
in SecurityNewsMalicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks.The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations.”This flaw poses a…
-
GitLab Security Update, Patch for Critical Vulnerabilities
by
in SecurityNewsGitLab announced the release of critical security patches for its Community Edition (CE) and Enterprise Edition (EE). The newly released versions 17.6.2, 17.5.4, and 17.4.6 address several high-severity vulnerabilities, and GitLab strongly recommends that all self-managed installations be upgraded immediately. It is worth noting that GitLab.com is already running the patched version, while GitLab-dedicated customers…
-
Apple stopft schwere Sicherheitslücken, kein Patch für iOS 17
by
in SecurityNewsApples jüngste Updates schließen viele Schwachstellen in iOS, macOS und iPadOS, darunter kritische. Für iOS 17 gibt es wohl keine Patches mehr. First seen on heise.de Jump to article: www.heise.de/news/Apple-stopft-schwere-Sicherheitsluecken-kein-Patch-fuer-iOS-17-10196897.html
-
BadRAM Attack Breaches AMD Secure VMs with $10 Device
by
in SecurityNewsResearchers have uncovered a vulnerability that allows attackers to compromise AMD’s Secure Encrypted Virtualization (SEV) technology using a $10 device. This breakthrough exposes a previously underexplored weakness in memory module security, specifically in cloud computing environments where SEV is widely used to protect sensitive data, which is shared on the BadRAM page. Modern computers depend…
-
Epic Games Launcher: Sicherheitslücke ermöglicht Rechteausweitung
by
in SecurityNewsIm Epic Games Launcher können Angreifer eine Schwachstelle missbrauchen, um ihre Rechte auszuweiten. Ein Update korrigiert das. First seen on heise.de Jump to article: www.heise.de/news/Epic-Games-Launcher-Sicherheitsluecke-ermoeglicht-Rechteausweitung-10196655.html
-
Splunk RCE Vulnerability Let Attackers Execute Remote Code
by
in SecurityNewsSplunk, the data analysis and monitoring platform, is grappling with a Remote Code Execution (RCE) vulnerability. This flaw, identified as CVE-2024-53247, affects several versions of Splunk Enterprise and the Splunk Secure Gateway app on the Splunk Cloud Platform. The vulnerability is rated with a CVSSv3.1 score of 8.8, indicating a high severity level that poses…
-
SAP Patchday Dezember 2024 – Kritische Schwachstelle in SAP NetWeaver AS for Java
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/de-2024-12-sap-sicherheitsupdates-dezember-a-19125652b491abbb45e69fa71313ebbb/
-
AMD data center chips vulnerable to revealing data through ‘BadRAM’ attack
by
in SecurityNews
Tags: access, advisory, attack, best-practice, cloud, cve, data, encryption, exploit, finance, firmware, flaw, germany, Hardware, mitigation, monitoring, reverse-engineering, software, update, vulnerabilityAMD’s Secure Encrypted Virtualization (SEV), meant to protect processor memory from prying eyes in virtual machine (VM) environments, can be tricked into giving access to its encrypted memory contents using a test rig costing less than $10, researchers have revealed.Dubbed “BadRAM” by researchers from the University of Lübeck in Germany, KU Leven in Belgium, and…
-
Hunk Companion WordPress plugin exploited to install vulnerable plugins
by
in SecurityNewsHackers are exploiting a critical vulnerability in the “Hunk Companion” plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hunk-companion-wordpress-plugin-exploited-to-install-vulnerable-plugins/
-
Ransomware Hackers Exploiting Cleo Software Zero-Day
by
in SecurityNews
Tags: attack, communications, exploit, flaw, hacker, ransomware, software, update, vulnerability, zero-dayAttackers Target Managed File Transfer Software Vulnerabilities. File transfer software made by Cleo Communications is under active attack and a patch meant to stymie hackers doesn’t fix the flaw, say security researchers from Huntress. Hackers exploit an arbitrary file-write vulnerability along with a feature that automatically executes files. First seen on govinfosecurity.com Jump to article:…
-
Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others
by
in SecurityNewsDecember marked a quiet month with 70 vulnerabilities patched, plus updates from outside of Microsoft. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/patch-tuesday-december-24/
-
The imperative for governments to leverage genAI in cyber defense
by
in SecurityNews
Tags: ai, attack, cyber, cyberattack, cybersecurity, dark-web, data, deep-fake, defense, detection, email, endpoint, gartner, government, incident response, infrastructure, intelligence, LLM, malicious, malware, microsoft, strategy, tactics, threat, tool, training, vulnerabilityIn an era where cyber threats are evolving at an unprecedented pace, the need for robust cyber defense mechanisms has never been more critical. Sixty-two percent of all cyberattacks focus on public sector organizations directly and indirectly. Nation-state actors, equipped with generative artificial intelligence (genAI) sophisticated tools and techniques, pose significant threats to national security,…
-
Cybersecurity Lessons From 3 Public Breaches
by
in SecurityNewsHigh-profile security incidents provide examples of how common vulnerabilities can be exploited. If you pay attention, you can learn from others’ mistakes. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/cybersecurity-lessons-from-3-public-breaches
-
Microsoft fixes 72 vulnerabilities in final 2024 Patch Tuesday
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/microsoft-fixes-72-vulnerabilities-in-final-2024-patch-tuesday
-
December Patch Tuesday shuts down Windows zero-day
by
in SecurityNewsMicrosoft addresses 72 vulnerabilities, including 17 rated critical. Administrators should focus on patching the Windows OS to stop a flaw that has been exploited in the wild. First seen on techtarget.com Jump to article: www.techtarget.com/searchwindowsserver/news/366617192/December-Patch-Tuesday-shuts-down-Windows-zero-day