Tag: vulnerability
-
December Patch Tuesday shuts down Windows zero-day
by
in SecurityNewsMicrosoft addresses 72 vulnerabilities, including 17 rated critical. Administrators should focus on patching the Windows OS to stop a flaw that has been exploited in the wild. First seen on techtarget.com Jump to article: www.techtarget.com/searchwindowsserver/news/366617192/December-Patch-Tuesday-shuts-down-Windows-zero-day
-
Containers have 600+ vulnerabilities on average
by
in SecurityNewsContainers are the fastest growing and weakest cybersecurity link in software supply chains, according to NetRise. Companies are struggling to get container … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/11/containers-security-concerns/
-
US sanctions Chinese cybersecurity firm over global malware campaign
by
in SecurityNews
Tags: attack, breach, china, computer, control, corporate, credentials, cve, cyber, cyberattack, cybersecurity, email, encryption, exploit, finance, firewall, fraud, government, group, healthcare, identity, infection, infrastructure, intelligence, international, malicious, malware, monitoring, network, office, password, ransomware, risk, service, software, sophos, technology, terrorism, threat, tool, vulnerability, zero-dayThe US government has imposed sanctions on Chinese cybersecurity firm Sichuan Silence Information Technology and one of its employees, Guan Tianfeng, for their alleged involvement in a 2020 global cyberattack that exploited zero day vulnerabilities in firewalls.The actions were announced by the US Department of the Treasury and the Department of Justice (DOJ), which also…
-
U.S. CISA adds Microsoft Windows CLFS driver flaw to its Known Exploited Vulnerabilities catalog
by
in SecurityNews
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, microsoft, vulnerability, windowsU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows Common Log File System (CLFS) driver flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Microsoft Windows Common Log File System (CLFS) driver flaw CVE-2024-49138 (CVSS score: 7.8) to its Known Exploited Vulnerabilities (KEV) catalog. Microsoft December 2024…
-
Anton’s Security Blog Quarterly Q4 2024
by
in SecurityNews
Tags: ai, automation, ciso, cloud, cyber, defense, detection, edr, google, governance, incident response, metric, office, security-incident, siem, soc, threat, vulnerability, vulnerability-management, zero-trustAmazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast (subscribe). Meta AI creation, steampunk theme Top 10 posts with the most lifetime views (excluding paper announcement blogs): Security Correlation Then…
-
Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities
by
in SecurityNewsIvanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution.The list of vulnerabilities is as follows -CVE-2024-11639 (CVSS score: 10.0) – An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that…
-
Attackers exploit zero-day RCE flaw in Cleo managed file transfer
by
in SecurityNews
Tags: advisory, attack, cve, edr, exploit, firewall, flaw, group, Internet, malicious, mitigation, moveIT, powershell, ransomware, rce, remote-code-execution, software, tool, update, vulnerability, vulnerability-management, windows, zero-daySecurity researchers have warned about in-the-wild attacks that exploit a remote code execution vulnerability in managed file transfer (MFT) solutions developed by enterprise software vendor Cleo Communications.The impacted products include the latest versions of Cleo LexiCom, Cleo VLTrader and Cleo Harmony, with experts advising to temporarily disconnect these systems from the internet until a patch…
-
Microsoft Security Update Summary (10. Dezember 2024)
by
in SecurityNewsAm 10. Dezember 2024 hat Microsoft Sicherheitsupdates für Windows-Clients und -Server, für Office sowie für weitere Produkte veröffentlicht. Die Sicherheitsupdates beseitigen 70 Schwachstellen (CVEs), davon 16 kritische Sicherheitslücken, davon eine als 0-day klassifiziert (bereits ausgenutzt). Nachfolgend findet sich … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/12/10/microsoft-security-update-summary-10-dezember-2024/
-
Microsoft December 2024 Patch Tuesday addressed actively exploited zero-day
by
in SecurityNewsMicrosoft December 2024 Patch Tuesday security updates addressed 71 vulnerabilities including an actively exploited zero-day. Microsoft December 2024 Patch Tuesday security updates addressed 71 vulnerabilities in Windows and Windows Components, Office and Office Components, SharePoint Server, Hyper-V, Defender for Endpoint, and System Center Operations Manager. 16 vulnerabilities are rated Critical, 54 are rated Important, and…
-
Multiple Cleo file transfer products being exploited by hackers
by
in SecurityNewsThe vulnerability, CVE-2024-50623, was recently patched by software developer Cleo and affects the company’s LexiCom, VLTransfer and Harmony products. However, researchers at cybersecurity firm Huntress say the patch “does not mitigate the software flaw.”]]> First seen on therecord.media Jump to article: therecord.media/multiple-cleo-file-transfer-products-exploited-by-hackers
-
iOS vuln leaves user data dangerously exposed
by
in SecurityNewsJamf threat researchers detail an exploit chain for a recently patched iOS vulnerability that enables a threat actor to steal sensitive data, warning that many organisations are still neglecting mobile updates. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366616985/iOS-vuln-leaves-user-data-dangerously-exposed
-
Microsoft fixes exploited zero-day (CVE-2024-49138)
by
in SecurityNewsOn December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of its products, including a zero-day (CVE-2024-49138) that’s been exploited by … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/10/december-2024-patch-tuesday-microsoft-zero-day-cve-2024-49138/
-
OpenWrt Update Flaw Exposed Devices to Malicious Firmware
by
in SecurityNewsEmbedded Device Operating Sytem Had Flaw Allowing Hacers to Bypass Integrity Check. A critical flaw in the updating service of a popular Linux operating system for embedded devices could enable hackers to compromise firmware with malicious images. OpenWrt developers patched the vulnerability, with a CVSS core of 9.3 and tracked as CVE-2024-54143. First seen on…
-
WPForms bug allows Stripe refunds on millions of WordPress sites
by
in SecurityNewsA vulnerability in WPForms, a WordPress plugin used in over 6 million websites, could allow subscriber-level users to issue arbitrary Stripe refunds or cancel subscriptions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/wpforms-bug-allows-stripe-refunds-on-millions-of-wordpress-sites/
-
Microsoft Patch Tuesday December 2024, 71 Vulnerabilities Fixed Including 1 Zero-day
by
in SecurityNewsIn its final Patch Tuesday of 2024, Microsoft has released a significant security update addressing a total of 71 vulnerabilities, including 16 critical vulnerabilities and 1 zero-day. This December update marks a crucial milestone in Microsoft’s ongoing efforts to enhance the security of its products and protect users from potential cyber threats. Critical Zero-Day Vulnerability…
-
Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities
by
in SecurityNewsThe Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/december-patch-tuesday-release/
-
Adobe Patches Over 160 Vulnerabilities Across 16 Products
by
in SecurityNewsAdobe has patched over 160 vulnerabilities across over a dozen products, including Reader, Illustrator, Photoshop and Connect. The post Adobe Patches Over 160 Vulnerabilities Across 16 Products appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/adobe-patches-over-160-vulnerabilities-across-16-products/
-
Ivanti warns of maximum severity CSA auth bypass vulnerability
by
in SecurityNewsIvanti warned customers on Tuesday about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ivanti-warns-of-maximum-severity-csa-auth-bypass-vulnerability/
-
Black Hat: Latest news and insights
by
in SecurityNewsThe infosecurity world decamps to London this week, with research on vulnerabilities in AI systems at the fore of the latest edition of Black Hat Europe.The four-day program runs from Dec. 9-12, with two-and four-day options of hands-on trainings, but the main event at ExCeL London occurs on Dec. 11 and 12 featuring the latest research, developments,…
-
US sanctions Chinese cybersecurity firm for firewall hacks targeting critical infrastructure
by
in SecurityNews
Tags: china, cybersecurity, exploit, firewall, hacking, infrastructure, sophos, vulnerability, zero-dayThe U.S. sanctioned a Chinese cybersecurity company and one of its employees for exploiting a zero-day vulnerability in Sophos firewalls to target U.S. organizations. On Tuesday, the U.S. Treasury Department said Guan Tianfeng, an employee of Sichuan Silence, used the vulnerability to compromise approximately 81,000 firewalls in April 2020. The hacking campaign, detailed by Sophos…
-
Windows 11 KB5048667 & KB5048685 cumulative updates released
by
in SecurityNewsMicrosoft has released the Windows 11 KB5048667 and KB5048685 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/windows-11-kb5048667-and-kb5048685-cumulative-updates-released/
-
Microsoft Patch Tuesday December 2024, Patch for 16 Critical Security Flaws
by
in SecurityNewsIn its final Patch Tuesday of 2024, Microsoft has released a significant security update addressing a total of 71 vulnerabilities, including 16 critical flaws. This December update marks a crucial milestone in Microsoft’s ongoing efforts to enhance the security of its products and protect users from potential cyber threats. Critical Vulnerabilities Patched The 16 critical…
-
Black Hat Europe preview: Cryptographic protocol attacks and AI in the spotlight
by
in SecurityNews
Tags: access, ai, application-security, attack, authentication, backdoor, best-practice, computer, conference, control, cybercrime, cybersecurity, data, dns, encryption, exploit, finance, github, government, hacker, healthcare, identity, injection, Internet, LLM, malicious, microsoft, mitigation, office, open-source, radius, RedTeam, risk, service, sophos, technology, tool, training, vulnerability, vulnerability-management, windowsThis week in London Black Hat Europe will feature a diverse range of talks and presentations covering the latest developments in cybersecurity.The opening keynote on Wednesday will be delivered by Frédérick Douzet, a professor of geopolitics at the University of Paris 8, and director of the French Institute of Geopolitics research team. No preview is…
-
Dell Urges Immediate Update to Fix Critical Power Manager Vulnerability
by
in SecurityNewsA critical security flaw in Dell Power Manager has been discovered that could allow attackers to compromise your systems and execute arbitrary code. First seen on hackread.com Jump to article: hackread.com/dell-urges-update-critical-power-manager-vulnerability/
-
OpenWrt: Upgrade-Schwachstelle CVE-2024-54143 gefährdet Firmware-Updates
by
in SecurityNewsKurze Information für Benutzer der OpenWrt-Firmware für Router. Der Update-Service für die Firmware weist in älteren Versionen die Schwachstelle CVE-2024-54143 auf. Angreifer könnten diese Schwachstelle ausnutzen, um Schadsoftware per Firmware-Update einzuschleusen. Es gibt aber bereits eine gepatchte Firmware-Version. Die Open-Source-Software … First seen on borncity.com Jump to article: www.borncity.com/blog/2024/12/10/openwrt-upgrade-schwachstelle-cve-2024-54143-gefaehrdet-firmware-updates/
-
SAP fixed critical SSRF flaw in NetWeaver’s Adobe Document Services
by
in SecurityNewsSAP has issued patches for 16 vulnerabilities, including a critical SSRF flaw in NetWeaver’s Adobe Document Services. SAP addressed 16 vulnerabilities as part of its December 2024 Security Patch Day. The company released nine new and four updated security notes. The most severe of these vulnerabilities is a critical issue, tracked as CVE-2024-47578 (CVSS score…
-
Cleo File Transfer Vulnerability Under Exploitation Patch Pending, Mitigation Urged
by
in SecurityNewsUsers of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems.Cybersecurity company Huntress said it discovered evidence of threat actors exploiting the issue en masse on December 3, 2024. The vulnerability, which impacts Cleo’s…
-
New Cleo zero-day RCE flaw exploited in data theft attacks
by
in SecurityNewsHackers are actively exploiting a zero-day vulnerability in Cleo managed file transfer software to breach corporate networks and conduct data theft attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-cleo-zero-day-rce-flaw-exploited-in-data-theft-attacks/
-
SAP Compliance und Patch Management in der Rüstungsindustrie
by
in SecurityNewsMit dem SecurityBridge Vulnerability- und Patch Management sind die monatlichen SAP Security Notes kein Problem mehr und die SAP-Basis hat viel Zeit gewonnen, um sich der weiteren Systemhärtung zu widmen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sap-compliance-und-patch-management-in-der-ruestungsindustrie/a39212/
-
Cleo File Transfer Tool Vulnerability Exploited in Wild Against Enterprises
by
in SecurityNewsCVE-2024-50623, an improperly patched vulnerability affecting Cleo file transfer tools, has been exploited in the wild. The post Cleo File Transfer Tool Vulnerability Exploited in Wild Against Enterprises appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cleo-file-transfer-tool-vulnerability-exploited-in-wild-against-enterprises/