Vulnerabilities

Critical Vulnerability Allows Access to QNAP NAS Devices

QNAP, Vulnerabilities /

Critical Vulnerability Allows Access to QNAP NAS Devices 2024-03-11 at 16:01 By Ionut Arghire Critical-severity vulnerability could allow network attackers to access QNAP NAS devices without authentication. The post Critical Vulnerability Allows Access to QNAP NAS Devices appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to […]

React to this headline:

Loading spinner

Critical Vulnerability Allows Access to QNAP NAS Devices Read More »

In Other News: Google AI Hacking, Font Vulnerabilities, IBM Training Facility

In Other News, Vulnerabilities /

In Other News: Google AI Hacking, Font Vulnerabilities, IBM Training Facility 2024-03-08 at 16:59 By SecurityWeek News Noteworthy stories that might have slipped under the radar: Google AI bug bounties, font vulnerabilities, IBM opens new training facility. The post In Other News: Google AI Hacking, Font Vulnerabilities, IBM Training Facility appeared first on SecurityWeek. This

React to this headline:

Loading spinner

In Other News: Google AI Hacking, Font Vulnerabilities, IBM Training Facility Read More »

Cisco Patches High-Severity Vulnerabilities in VPN Product

Cisco, Vulnerabilities /

Cisco Patches High-Severity Vulnerabilities in VPN Product 2024-03-07 at 16:40 By Ionut Arghire High-severity flaws in Cisco Secure Client could lead to code execution and unauthorized remote access VPN sessions. The post Cisco Patches High-Severity Vulnerabilities in VPN Product appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

Cisco Patches High-Severity Vulnerabilities in VPN Product Read More »

CISA Warns of Pixel Phone Vulnerability Exploitation

Android, CISA KEV, exploited, Pixel, Vulnerabilities /

CISA Warns of Pixel Phone Vulnerability Exploitation 2024-03-06 at 14:07 By Eduard Kovacs CISA adds Pixel Android phone (CVE-2023-21237) and Sunhillo SureLine (CVE-2021-36380) flaws to its known exploited vulnerabilities catalog.  The post CISA Warns of Pixel Phone Vulnerability Exploitation appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

CISA Warns of Pixel Phone Vulnerability Exploitation Read More »

Apple Blunts Zero-Day Attacks With iOS 17.4 Update

CVE-2024-23225, CVE-2024-23296, IOS 17.4, Mobile & Wireless, Vulnerabilities, Zero-Day /

Apple Blunts Zero-Day Attacks With iOS 17.4 Update 2024-03-05 at 23:01 By Ryan Naraine Apple rolls out urgent patches to fix multiple security flaws in its flagship iOS platform and warned about zero-day exploits in the wild. The post Apple Blunts Zero-Day Attacks With iOS 17.4 Update appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Apple Blunts Zero-Day Attacks With iOS 17.4 Update Read More »

VMware Patches Critical ESXi Sandbox Escape Flaws

CVE-2024-22252, CVE-2024-22253, ESXi, Malware & Threats, VMWare, Vulnerabilities /

VMware Patches Critical ESXi Sandbox Escape Flaws 2024-03-05 at 21:17 By Ryan Naraine The most serious flaws allow hackers with local admin rights to execute code as the virtual machine’s VMX process running on the host. The post VMware Patches Critical ESXi Sandbox Escape Flaws appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

VMware Patches Critical ESXi Sandbox Escape Flaws Read More »

Critical Vulnerability Exposes TeamCity Servers to Takeover

Vulnerabilities /

Critical Vulnerability Exposes TeamCity Servers to Takeover 2024-03-05 at 14:03 By Ionut Arghire A critical authentication bypass in TeamCity allows remote attackers to take full control of vulnerable servers. The post Critical Vulnerability Exposes TeamCity Servers to Takeover appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Critical Vulnerability Exposes TeamCity Servers to Takeover Read More »

Hikvision Patches High-Severity Vulnerability in Security Management System

Hikvision, IoT Security, Vulnerabilities, vulnerability /

Hikvision Patches High-Severity Vulnerability in Security Management System 2024-03-04 at 15:47 By Ionut Arghire A high-severity vulnerability in HikCentral Professional could lead to unauthorized access to certain URLs. The post Hikvision Patches High-Severity Vulnerability in Security Management System appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Hikvision Patches High-Severity Vulnerability in Security Management System Read More »

CISA Warns of Windows Streaming Service Vulnerability Exploitation

exploited, Featured, Vulnerabilities, Windows /

CISA Warns of Windows Streaming Service Vulnerability Exploitation 2024-03-01 at 16:01 By Ionut Arghire CISA says a high-severity elevation of privilege vulnerability in Microsoft Streaming Service is actively exploited in the wild. The post CISA Warns of Windows Streaming Service Vulnerability Exploitation appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

CISA Warns of Windows Streaming Service Vulnerability Exploitation Read More »

Meta Patches Facebook Account Takeover Vulnerability

Facebook, Vulnerabilities, vulnerability /

Meta Patches Facebook Account Takeover Vulnerability 2024-02-29 at 16:34 By Eduard Kovacs Meta has patched a critical vulnerability that could have been exploited to take over any Facebook account via a brute-force attack. The post Meta Patches Facebook Account Takeover Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Meta Patches Facebook Account Takeover Vulnerability Read More »

The Imperative for Modern Security: Risk-Based Vulnerability Management

Risk Management, Vulnerabilities /

The Imperative for Modern Security: Risk-Based Vulnerability Management 2024-02-29 at 15:01 By Torsten George By prioritizing vulnerabilities based on risk and aligning security efforts with business objectives, organizations can enhance their resilience to cyberattacks, optimize resource allocation, and maintain a proactive security posture. The post The Imperative for Modern Security: Risk-Based Vulnerability Management appeared first

React to this headline:

Loading spinner

The Imperative for Modern Security: Risk-Based Vulnerability Management Read More »

Cisco Patches High-Severity Vulnerabilities in Data Center OS

Cisco, Vulnerabilities, vulnerability /

Cisco Patches High-Severity Vulnerabilities in Data Center OS 2024-02-29 at 15:01 By Ionut Arghire Cisco’s semiannual FXOS and NX-OS security advisory bundle resolves two high- and two medium-severity vulnerabilities. The post Cisco Patches High-Severity Vulnerabilities in Data Center OS appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

Cisco Patches High-Severity Vulnerabilities in Data Center OS Read More »

Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack

CVE-2024-21338, exploited, Featured, Lazarus, Malware & Threats, North Korea, Vulnerabilities, Windows, Zero-Day /

Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack 2024-02-29 at 13:46 By Eduard Kovacs North Korean group Lazarus exploited AppLocker driver zero-day CVE-2024-21338 for privilege escalation in attacks involving FudModule rootkit. The post Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Windows Zero-Day Exploited by North Korean Hackers in Rootkit Attack Read More »

Zyxel Patches Remote Code Execution Bug in Firewall Products

CVE-2023-6397, CVE-2023-6398, CVE-2023-6399, CVE-2023-6764, Network Security, Vulnerabilities, Zyxel /

Zyxel Patches Remote Code Execution Bug in Firewall Products 2024-02-26 at 19:17 By Ryan Naraine Taiwanese networking vendor Zyxel confirms security flaws in firewall and access points put users at risk of remote code execution attacks. The post Zyxel Patches Remote Code Execution Bug in Firewall Products appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Zyxel Patches Remote Code Execution Bug in Firewall Products Read More »

Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin

Incident Response, remote code execution, SQL injection, Ultimate Member, Vulnerabilities, WordPress /

Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin 2024-02-26 at 17:33 By Ionut Arghire The vulnerability carries a CVSS severity score of 9.8/10 and affects web sites running the Ultimate Member WordPress membership plugin. The post Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Critical Flaw in Popular ‘Ultimate Member’ WordPress Plugin Read More »

‘SlashAndGrab’ ScreenConnect Vulnerability Widely Exploited for Malware Delivery

Featured, Malware & Threats, ScreenConnect, Vulnerabilities /

‘SlashAndGrab’ ScreenConnect Vulnerability Widely Exploited for Malware Delivery 2024-02-23 at 14:31 By Eduard Kovacs ConnectWise ScreenConnect vulnerability tracked as CVE-2024-1709 and SlashAndGrab exploited to deliver ransomware and other malware. The post ‘SlashAndGrab’ ScreenConnect Vulnerability Widely Exploited for Malware Delivery appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

‘SlashAndGrab’ ScreenConnect Vulnerability Widely Exploited for Malware Delivery Read More »

ConnectWise Confirms ScreenConnect Flaw Under Active Exploitation

ConnectWise, Malware & Threats, remote code execution, ScreenConnect, Vulnerabilities /

ConnectWise Confirms ScreenConnect Flaw Under Active Exploitation 2024-02-21 at 19:16 By Ryan Naraine Security experts describe exploitation of the CVSS 10/10 flaw as “trivial and embarrassingly easy.” The post ConnectWise Confirms ScreenConnect Flaw Under Active Exploitation appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this

React to this headline:

Loading spinner

ConnectWise Confirms ScreenConnect Flaw Under Active Exploitation Read More »

Researchers Devise ‘VoltSchemer’ Attacks Targeting Wireless Chargers

Mobile & Wireless, Qi standard, University of Florida, VoltSchemer, Vulnerabilities, wireless charger /

Researchers Devise ‘VoltSchemer’ Attacks Targeting Wireless Chargers 2024-02-21 at 19:16 By Ionut Arghire Researchers document VoltSchemer attacks that manipulate power voltage to take over commercial wireless chargers. The post Researchers Devise ‘VoltSchemer’ Attacks Targeting Wireless Chargers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this

React to this headline:

Loading spinner

Researchers Devise ‘VoltSchemer’ Attacks Targeting Wireless Chargers Read More »

Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities

Chrome, Firefox, Vulnerabilities, vulnerability /

Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities 2024-02-21 at 13:46 By Ionut Arghire Google and Mozilla resolve high-severity memory safety vulnerabilities with the latest Chrome and Firefox updates. The post Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to

React to this headline:

Loading spinner

Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities Read More »

ConnectWise Rushes to Patch Critical Vulns in Remote Access Tool

AnyConnect, ConnectWise, CVSS 10, Malware & Threats, remote access, Vulnerabilities /

ConnectWise Rushes to Patch Critical Vulns in Remote Access Tool 2024-02-20 at 19:31 By Ryan Naraine ConnectWise ships patches for extremely critical security defects in its ScreenConnect remote desktop access product and urges emergency patching. The post ConnectWise Rushes to Patch Critical Vulns in Remote Access Tool appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

ConnectWise Rushes to Patch Critical Vulns in Remote Access Tool Read More »

Scroll to Top