enterprise - Security Ticks

SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995)

CVE, Don't miss, enterprise, file-sharing, Hot stuff, News, SolarWinds, vulnerability / SecurityTicks

SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995) 2024-06-07 at 20:01 By Zeljka Zorz SolarWinds has fixed a high-severity vulnerability (CVE-2024-28995) affecting its Serv-U managed file transfer (MFT) server solution, which could be exploited by unauthenticated attackers to access sensitive files on the host machine. About CVE-2024-28995 Serv-U MFT Server is a widely used enterprise solution that […]

React to this headline:

SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995) Read More »

Vulnerability in Cisco Webex cloud service exposed government authorities, companies

Cisco, cloud security, Don't miss, enterprise, Europe, Germany, Government, Hot stuff, News, research, video conferencing, vulnerability, Webex / SecurityTicks

Vulnerability in Cisco Webex cloud service exposed government authorities, companies 2024-06-05 at 22:33 By Zeljka Zorz The vulnerability that allowed a German journalist to discover links to video conference meetings held by Bundeswehr (the German armed forces) and the Social Democratic Party of Germany (SPD) via their self-hosted Cisco Webex instances similarly affected the Webex

React to this headline:

Vulnerability in Cisco Webex cloud service exposed government authorities, companies Read More »

PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)

Censys, CVE, Don't miss, enterprise, Hot stuff, News, PoC, Progress, vulnerability / SecurityTicks

PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800) 2024-06-04 at 17:46 By Zeljka Zorz Security researchers have published a proof-of-concept (PoC) exploit that chains together two vulnerabilities (CVE-2024-4358, CVE-2024-1800) to achieve unauthenticated remote code execution on Progress Telerik Report Servers. Telerik Report Server is a centralized enterprise platform for report creation, management, storage and

React to this headline:

PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800) Read More »

361 million account credentials leaked on Telegram: Are yours among them?

account hijacking, consumer, credentials, Data leak, data theft, Don't miss, enterprise, HIBP, Hot stuff, Malware, News, passwords, Telegram, tips / SecurityTicks

361 million account credentials leaked on Telegram: Are yours among them? 2024-06-04 at 15:03 By Zeljka Zorz A new trove of 361 million email addresses has been added to Have I Been Pwned? (HIBP), the free online service through which users can check whether their account credentials and other data has been compromised in one

React to this headline:

361 million account credentials leaked on Telegram: Are yours among them? Read More »

Snowflake compromised? Attackers exploit stolen credentials

credentials, data breach, data theft, Don't miss, enterprise, extortion, Hot stuff, Hudson Rock, Mitiga, News, Snowflake / SecurityTicks

Snowflake compromised? Attackers exploit stolen credentials 2024-05-31 at 22:17 By Zeljka Zorz Have attackers compromised Snowflake or just their customers’ accounts and databases? Conflicting claims muddy the situation. What is Snowflake? Snowflake is cloud-based data storage and analytics company based in the US, and claims nearly 9,500 organizations around the world as customers. “From an

React to this headline:

Snowflake compromised? Attackers exploit stolen credentials Read More »

Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919)

0-day, Check Point, CISA, CVE, Don't miss, enterprise, Hot stuff, News, Rapid7, WatchTowr / SecurityTicks

Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919) 2024-05-31 at 14:32 By Zeljka Zorz Attackers have been exploiting CVE-2024-24919, a zero-day vulnerability in Check Point Security Gateways, to pinpoint and extract password hashes for local accounts, which they then used to move laterally in the target organizations’ network. “The vulnerability is particularly critical

React to this headline:

Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919) Read More »

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)

CVE, Don't miss, enterprise, exploit, Fortinet, Horizon3.ai, Hot stuff, News, PoC, vulnerability / SecurityTicks

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) 2024-05-29 at 13:01 By Zeljka Zorz Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances. CVE confusion FortiSIEM helps customers build an inventory of their organization’s assets, it

React to this headline:

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) Read More »

Attackers are probing Check Point Remote Access VPN devices

Check Point, Cisco, Don't miss, enterprise, Hot stuff, News, VPN / SecurityTicks

Attackers are probing Check Point Remote Access VPN devices 2024-05-28 at 12:46 By Zeljka Zorz Attackers are trying to gain access to Check Point VPN devices via local accounts protected only by passwords, the company has warned on Monday. Their ultimate goal is to use that access to discover and pivot to other enterprise assets

React to this headline:

Attackers are probing Check Point Remote Access VPN devices Read More »

GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985)

Don't miss, enterprise, GitHub, Hot stuff, News, software development, vulnerability / SecurityTicks

GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985) 2024-05-23 at 13:16 By Zeljka Zorz A critical, 10-out-of-10 vulnerability (CVE-2024-4985) allowing unrestricted access to vulnerable GitHub Enterprise Server (GHES) instances has been fixed by Microsoft-owned GitHub. Fortunately, there is a catch that may narrow down the pool of potential victims: instances are vulnerable to

React to this headline:

GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985) Read More »

Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849)

backup, Don't miss, enterprise, Hot stuff, News, Veeam Software, vulnerability / SecurityTicks

Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849) 2024-05-22 at 11:46 By Zeljka Zorz Veeam has patched four vulnerabilities in Backup Enterprise Manager (VBEM), one of which (CVE-2024-29849) may allow attackers to bypass authentication and log in to its web interface as any user. With no user interaction required for remote exploitation and

React to this headline:

Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849) Read More »

PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026)

Don't miss, endpoint management, enterprise, Hot stuff, Ivanti, News, PoC, Redline Cyber Security, vulnerability / SecurityTicks

PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026) 2024-05-20 at 14:02 By Zeljka Zorz Technical details about and a proof-of-concept (PoC) exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, has been released by the vulnerability’s reporter. About CVE-2024-22026 Ivanti Endpoint Manager Mobile (formerly MobileIron Core) is used by enterprises to

React to this headline:

PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026) Read More »

US exposes scheme enabling North Korean IT workers to bypass sanctions

DOJ, Don't miss, enterprise, Hot stuff, News, North Korea, tips, USA / SecurityTicks

US exposes scheme enabling North Korean IT workers to bypass sanctions 2024-05-17 at 14:46 By Zeljka Zorz The US Justice Department had unsealed charges against a US woman and an Ukranian man who, along with three unidentified foreign nationals, have allegedly helped North Korean IT workers work remotely for US companies under assumed US identities

React to this headline:

US exposes scheme enabling North Korean IT workers to bypass sanctions Read More »

Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)

consumer, CVE, Don't miss, enterprise, Hot stuff, Leviathan Security Group, News, Privacy, VPN / SecurityTicks

Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661) 2024-05-08 at 16:31 By Zeljka Zorz Researchers have brought to light a new attack method – dubbed TunnelVision and uniquely identified as CVE-2024-3661 – that can be used to intercept and snoop on VPN users’ traffic by attackers who are on the same

React to this headline:

Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661) Read More »

Microsoft, Google widen passkey support for its users

account protection, Bitwarden, consumer, Don't miss, enterprise, FIDO Alliance, Google, Hot stuff, Microsoft, News, passwordless, passwords / SecurityTicks

Microsoft, Google widen passkey support for its users 2024-05-03 at 14:46 By Zeljka Zorz Since 2013, the first Thursday in May is marked as World Password Day, a day dedicated to raising awareness about the need for using strong, unique passwords to secure out digital lives. Despite decades of often-repeated statements proclaiming the death of

React to this headline:

Microsoft, Google widen passkey support for its users Read More »

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389)

Don't miss, enterprise, network monitoring, News, PoC, Progress, Rhino Security, vulnerability / SecurityTicks

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) 2024-04-24 at 15:01 By Zeljka Zorz More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability (CVE-2024-2389) in Flowmon, Progress Software’s network monitoring/analysis and security solution, have been published. The critical vulnerability has been disclosed and patched by Progress earlier this month. “Currently,

React to this headline:

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) Read More »

CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)

Censys, CrowdStrike, CrushFTP, CVE, Don't miss, enterprise, exploit, FTP, Hot stuff, News / SecurityTicks

CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040) 2024-04-23 at 13:01 By Zeljka Zorz A vulnerability (CVE-2024-4040) in enterprise file transfer solution CrushFTP is being exploited by attackers in a targeted fashion, according to Crowdstrike. The vulnerability allows attackers to escape their virtual file system and download system files (i.e., configuration files), but only if

React to this headline:

CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040) Read More »

Ernst & Young taps ZK-proofs on Ethereum to automate contracts

accounting, audit, enterprise, EY OpsChain Contract Manager, Paul Brody, Polygon, Poylgon Nightfall, Private Blockchain, Public Blockchain, tax / SecurityTicks

Ernst & Young taps ZK-proofs on Ethereum to automate contracts 2024-04-18 at 06:01 By Cointelegraph by Brayden Lindrea EY said it chose Ethereum instead of a private network as it is cheaper, more confidential and prevents a party from gaining a “strategic advantage” over another. This article is an excerpt from Cointelegraph.com News View Original

React to this headline:

Ernst & Young taps ZK-proofs on Ethereum to automate contracts Read More »

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

Don't miss, enterprise, exploit, firewall, GreyNoise, Hot stuff, News, Palo Alto Networks, PoC, security update, TrustedSec, Volexity, vulnerability, WatchTowr / SecurityTicks

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation 2024-04-17 at 12:31 By Zeljka Zorz While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE-2024-3400 would be as easy a disabling the devices’ telemetry, it has now been comfirmed that this mitigation is ineffectual. “Device telemetry does not need to be

React to this headline:

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation Read More »

A critical vulnerability in Delinea Secret Server allows auth bypass, admin access

access management, Delinea, Don't miss, enterprise, Hot stuff, News, PoC, privileged accounts, vulnerability, vulnerability disclosure / SecurityTicks

A critical vulnerability in Delinea Secret Server allows auth bypass, admin access 2024-04-15 at 14:46 By Zeljka Zorz Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass authentication, gain admin access and extract secrets. Fixing the Delinea Secret Server

React to this headline:

A critical vulnerability in Delinea Secret Server allows auth bypass, admin access Read More »

New covert SharePoint data exfiltration techniques revealed

Data exfiltration, data theft, Don't miss, enterprise, Hot stuff, logging, News, SharePoint, Varonis / SecurityTicks

New covert SharePoint data exfiltration techniques revealed 2024-04-10 at 18:10 By Zeljka Zorz Varonis Threat Labs researchers have uncovered two techniques attackers can use can use for covert data and file exfiltration from companies’ SharePoint server. “These techniques can bypass the detection and enforcement policies of traditional tools, such as cloud access security brokers, data

React to this headline:

New covert SharePoint data exfiltration techniques revealed Read More »