Vulnerabilities

After Zero-Day Attacks, MOVEit Turns to Security Service Packs

07/07/2023 at 20:31, by Ryan Naraine. Facing ransomware zero-days, Progress Software will release regular service packs to help customers mitigate critical security flaws. Source: SecurityWeek.

In Other News: Healthcare Product Flaws, Free Email Security Testing, New Attack Techniques

07/07/2023 at 18:31, by SecurityWeek News. Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of July 3, 2023.

StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs

06/07/2023 at 14:46, by Eduard Kovacs. A new Linux kernel vulnerability tracked as StackRot and CVE-2023-3269 shows the exploitability of use-after-free-by-RCU (UAFBR) bugs. Source: SecurityWeek.

Vulnerability in Cisco Enterprise Switches Allows Attackers to Modify Encrypted Traffic

06/07/2023 at 13:34, by Ionut Arghire. Cisco says a high-severity vulnerability in Nexus 9000 series switches could allow attackers to intercept and modify encrypted traffic. Source: SecurityWeek.

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

05/07/2023 at 17:02, by Eduard Kovacs. An actively exploited vulnerability in the Contec SolarView solar power monitoring product can expose hundreds of energy organizations to attacks. Source: SecurityWeek.

Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities

05/07/2023 at 14:15, by Ionut Arghire. Mozilla has released Firefox 115 to the stable channel with patches for two high-severity use-after-free vulnerabilities. Source: SecurityWeek.

In Other News: Hospital Infected via USB Drive, EU Cybersecurity Rules, Free Security Tools

30/06/2023 at 17:46, by SecurityWeek News. Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of June 26, 2023.

200,000 WordPress Sites Exposed to Attacks Exploiting Flaw in ‘Ultimate Member’ Plugin

30/06/2023 at 16:18, by Ionut Arghire. Attackers exploit a critical vulnerability in the Ultimate Member plugin to create administrative accounts on WordPress websites. Source: SecurityWeek.

Samsung Phone Flaws Added to CISA ‘Must Patch’ List Likely Exploited by Spyware Vendor

30/06/2023 at 16:18, by Eduard Kovacs. CISA adds 6 Samsung mobile device flaws to its known exploited vulnerabilities catalog and they have likely been exploited by a spyware vendor.

MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses

30/06/2023 at 15:16, by Ionut Arghire. Use-after-free and OS command injection vulnerabilities reach the top five most dangerous software weaknesses in the 2023 CWE Top 25 list. Source: SecurityWeek.

Serious Vulnerability Exposes Admin Interface of Arcserve UDP Backup Solution

29/06/2023 at 16:47, by Ionut Arghire. Researchers publish PoC for a high-severity authentication bypass vulnerability in the Arcserve UDP data backup solution. Source: SecurityWeek.

Chrome 114 Update Patches High-Severity Vulnerabilities

27/06/2023 at 15:18, by Ionut Arghire. Google says it handed out $35,000 in bug bounty rewards for three high-severity vulnerabilities in Chrome 114. Source: SecurityWeek.

Fortinet Patches Critical RCE Vulnerability in FortiNAC

26/06/2023 at 18:36, by Ionut Arghire. Fortinet releases patches for a critical FortiNAC vulnerability leading to remote code execution without authentication. Source: SecurityWeek.

Remotely Exploitable DoS Vulnerabilities Patched in BIND

26/06/2023 at 14:47, by Ionut Arghire. The latest BIND updates address three high-severity, remotely exploitable vulnerabilities leading to denial-of-service (DoS). Source: SecurityWeek.

NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections

23/06/2023 at 20:58, by Ionut Arghire. The National Security Agency (NSA) has released mitigation guidance to help organizations stave off BlackLotus UEFI bootkit infections. Source: SecurityWeek.

CISA Tells US Agencies to Patch Exploited Roundcube, VMware Flaws

23/06/2023 at 18:43, by Ionut Arghire. The US government’s cybersecurity agency adds VMware and Roundcube server flaws to its Known Exploited Vulnerabilities (KEV) catalog. Source: SecurityWeek.

VMware Patches Code Execution Vulnerabilities in vCenter Server

23/06/2023 at 17:19, by Ionut Arghire. VMware published software updates to address multiple memory corruption vulnerabilities in vCenter Server that could lead to remote code execution. Source: SecurityWeek.

PoC Exploit Published for Cisco AnyConnect Secure Vulnerability

22/06/2023 at 16:31, by Ionut Arghire. A security researcher has published proof-of-concept (PoC) exploit code targeting a recent high-severity vulnerability (CVE-2023-20178) in Cisco AnyConnect Secure. Source: SecurityWeek.

The Benefits of Red Zone Threat Intelligence

22/06/2023 at 16:31, by Derek Manky. Incorporating Red Zone threat intelligence into your security strategy will help you stay on top of the latest threats and better protect your organization. Source: SecurityWeek.

Apple Patches iOS Flaws Used in Kaspersky ‘Operation Triangulation’ 

21/06/2023 at 22:52, by Ionut Arghire. Apple ships major iOS security updates to cover code execution vulnerabilities already exploited in the wild. Source: SecurityWeek.
