Vulnerabilities

SEC Investigating Progress Software Over MOVEit Hack

12/10/2023 at 20:16, by Ionut Arghire. Progress Software confirms the SEC has launched its own investigation into costly ransomware zero-days in the MOVEit file transfer software. The post appeared first on SecurityWeek; this article is an excerpt from the SecurityWeek RSS feed.

Unpatched Vulnerabilities Expose Yifan Industrial Routers to Attacks

12/10/2023 at 14:46, by Eduard Kovacs (SecurityWeek). Industrial routers made by Chinese company Yifan are affected by several critical vulnerabilities that can expose organizations to attacks.

Critical SOCKS5 Vulnerability in cURL Puts Enterprise Systems at Risk

11/10/2023 at 19:01, by Ryan Naraine (SecurityWeek). Flaw poses a direct threat to the SOCKS5 proxy handshake process in cURL and can be exploited remotely in some non-standard configurations.

Citrix Patches Critical NetScaler ADC, Gateway Vulnerability

11/10/2023 at 17:02, by Ionut Arghire (SecurityWeek). Citrix has released patches for a critical information disclosure vulnerability in NetScaler ADC and NetScaler Gateway.

Organizations Respond to HTTP/2 Zero-Day Exploited for DDoS Attacks

11/10/2023 at 15:33, by Eduard Kovacs (SecurityWeek). Organizations respond to HTTP/2 Rapid Reset zero-day vulnerability exploited to launch the largest DDoS attacks seen to date.

Chrome 118 Patches 20 Vulnerabilities

11/10/2023 at 15:33, by Ionut Arghire (SecurityWeek). Google has released Chrome 118 to the stable channel with patches for 20 vulnerabilities, including one rated ‘critical severity’.

CISA Warns of Attacks Exploiting Adobe Acrobat Vulnerability 

11/10/2023 at 13:48, by Ionut Arghire (SecurityWeek). CISA has added five bugs to its Known Exploited Vulnerabilities catalog, including the recent WordPad, Skype, and HTTP/2 zero-days.

Microsoft Blames Nation-State Threat Actor for Confluence Zero-Day Attacks

11/10/2023 at 03:01, by Ryan Naraine (SecurityWeek). Microsoft says an APT group tracked as Storm-0062 has been hacking Confluence installations since mid-September, three weeks before Atlassian’s disclosure.

Microsoft Fixes Exploited Zero-Days in WordPad, Skype for Business

10/10/2023 at 21:32, by Ryan Naraine (SecurityWeek). Microsoft patches more than 100 vulnerabilities across the Windows ecosystem and warns that three are already being exploited in the wild.

Patch Tuesday: Code Execution Flaws in Adobe Commerce, Photoshop

10/10/2023 at 20:17, by Ryan Naraine (SecurityWeek). Adobe Commerce customers exposed to code execution, privilege escalation, arbitrary file system read, and security feature bypass attacks.

One-Click GNOME Exploit Could Pose Serious Threat to Linux Systems

10/10/2023 at 17:02, by Eduard Kovacs (SecurityWeek). A one-click exploit targeting the Libcue component of the GNOME desktop environment could pose a serious threat to Linux systems.

Researcher Conversations: Natalie Silvanovich From Google’s Project Zero

10/10/2023 at 15:37, by Kevin Townsend (SecurityWeek). SecurityWeek continues its Hacker Conversations series in a discussion with Natalie Silvanovich, a member of Google’s Project Zero.

Google Expands Bug Bounty Program With Chrome, Cloud CTF Events

09/10/2023 at 15:01, by Ionut Arghire (SecurityWeek). Google is hosting capture the flag (CTF) events focused on Chrome’s V8 engine and on Kernel-based Virtual Machine (KVM).

Patches Prepared for ‘Probably Worst’ cURL Vulnerability

09/10/2023 at 15:01, by Ionut Arghire (SecurityWeek). A high-severity vulnerability in the data transfer project cURL will be addressed with libcurl and curl updates this week.

CISA Reverses Course on Malicious Exploitation of Video Conferencing Device Flaws

06/10/2023 at 13:46, by Eduard Kovacs (SecurityWeek). CISA has removed from its KEV catalog five Owl Labs video conferencing flaws that require the attacker to be in Bluetooth range.

Cisco Plugs Gaping Hole in Emergency Responder Software

05/10/2023 at 21:31, by Ryan Naraine (SecurityWeek). Cisco warns that unauthenticated, remote attackers can log into devices using the root account, which has default, static credentials that cannot be changed or deleted.

Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day

04/10/2023 at 22:16, by Ryan Naraine (SecurityWeek). Apple’s cat-and-mouse struggle with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Atlassian Ships Urgent Patch for Exploited Confluence Zero-Day

04/10/2023 at 20:16, by Ryan Naraine (SecurityWeek). Atlassian confirms that “a handful of customers” were hit by exploits targeting a remotely exploitable flaw in its Confluence Data Center and Server products.

New Supermicro BMC Vulnerabilities Could Expose Many Servers to Remote Attacks

04/10/2023 at 18:16, by Ionut Arghire (SecurityWeek). Supermicro has released BMC IPMI firmware updates to address multiple vulnerabilities impacting select motherboard models.
