Vulnerabilities - Security Ticks

Patch Tuesday: Critical Flaws in Adobe Commerce Software

Application Security, Vulnerabilities / SecurityTicks

Patch Tuesday: Critical Flaws in Adobe Commerce Software 13/06/2023 at 19:21 By Ryan Naraine Adobe ships urgent fixes for at least a dozen flaws that expose Adobe Commerce users to code execution attacks. The post Patch Tuesday: Critical Flaws in Adobe Commerce Software appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS […]

React to this headline:

Patch Tuesday: Critical Flaws in Adobe Commerce Software Read More »

Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks

Featured, Fortinet, Vulnerabilities, Zero-Day / SecurityTicks

Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks 13/06/2023 at 11:50 By Eduard Kovacs Fortinet has warned customers that the critical CVE-2023-27997 vulnerability that was patched recently could be a zero-day exploited in limited attacks. The post Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks appeared first on SecurityWeek. This article

React to this headline:

Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks Read More »

Software Supply Chain: The Golden Container Ship

SBOM, Supply Chain Security, Vulnerabilities / SecurityTicks

Software Supply Chain: The Golden Container Ship 12/06/2023 at 15:18 By Matt Honea By having a golden image you will put a process in place that allows you to quickly take action when a vulnerability is found within your organization. The post Software Supply Chain: The Golden Container Ship appeared first on SecurityWeek. This article

React to this headline:

Software Supply Chain: The Golden Container Ship Read More »

New MOVEit Vulnerabilities Found as More Zero-Day Attack Victims Come Forward

Featured, MOVEit, Ransomware, Vulnerabilities / SecurityTicks

New MOVEit Vulnerabilities Found as More Zero-Day Attack Victims Come Forward 12/06/2023 at 13:34 By Eduard Kovacs Researchers discover new MOVEit vulnerabilities related to the zero-day, just as more organizations hit by the attack are coming forward. The post New MOVEit Vulnerabilities Found as More Zero-Day Attack Victims Come Forward appeared first on SecurityWeek. This

React to this headline:

New MOVEit Vulnerabilities Found as More Zero-Day Attack Victims Come Forward Read More »

Fortinet Patches Critical FortiGate SSL VPN Vulnerability

Vulnerabilities / SecurityTicks

Fortinet Patches Critical FortiGate SSL VPN Vulnerability 12/06/2023 at 12:40 By Eduard Kovacs Fortinet has patched CVE-2023-27997, a critical FortiGate SSL VPN vulnerability that can be exploited for unauthenticated remote code execution. The post Fortinet Patches Critical FortiGate SSL VPN Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Fortinet Patches Critical FortiGate SSL VPN Vulnerability Read More »

Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021

Ransomware, Vulnerabilities / SecurityTicks

Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021 09/06/2023 at 15:46 By Eduard Kovacs Evidence suggests that the Cl0p ransomware group has known about and conducted tests with the recently patched MOVEit zero-day since mid-2021. The post Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021 appeared first on SecurityWeek. This article

React to this headline:

Evidence Suggests Ransomware Group Knew About MOVEit Zero-Day Since 2021 Read More »

Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data

data breach, Data Breaches, Honda, Vulnerabilities, vulnerability / SecurityTicks

Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data 08/06/2023 at 18:48 By Eduard Kovacs Vulnerabilities found by a researcher in a Honda ecommerce platform used for equipment sales exposed customer and dealer information. The post Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Vulnerabilities in Honda eCommerce Platform Exposed Customer, Dealer Data Read More »

Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions

Vulnerabilities / SecurityTicks

Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions 08/06/2023 at 14:17 By Ionut Arghire Cisco releases fixes for a critical-severity vulnerability in Expressway series and TelePresence Video Communication Server (VCS). The post Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Cisco Patches Critical Vulnerability in Enterprise Collaboration Solutions Read More »

VMware Plugs Critical Flaws in Network Monitoring Product

Application Security, CVE-2023-20887, CVE-2023-20888, CVE-2023-20889, VMWare, Vulnerabilities / SecurityTicks

VMware Plugs Critical Flaws in Network Monitoring Product 07/06/2023 at 19:02 By Ryan Naraine VMware ships urgent patches to cover security defects that expose businesses to remote code execution attacks. The post VMware Plugs Critical Flaws in Network Monitoring Product appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

VMware Plugs Critical Flaws in Network Monitoring Product Read More »

KeePass Update Patches Vulnerability Exposing Master Password

KeePass, password, Vulnerabilities / SecurityTicks

KeePass Update Patches Vulnerability Exposing Master Password 06/06/2023 at 17:17 By Ionut Arghire KeePass 2.54 patches a vulnerability allowing attackers to retrieve the cleartext master password from a memory dump. The post KeePass Update Patches Vulnerability Exposing Master Password appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

KeePass Update Patches Vulnerability Exposing Master Password Read More »

Google Patches Third Chrome Zero-Day of 2023

Chrome, Featured, Vulnerabilities, Zero-Day / SecurityTicks

Google Patches Third Chrome Zero-Day of 2023 06/06/2023 at 12:03 By Eduard Kovacs Google has released a Chrome 114 security update that patches CVE-2023-3079, the third zero-day vulnerability patched in the browser in 2023. The post Google Patches Third Chrome Zero-Day of 2023 appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Google Patches Third Chrome Zero-Day of 2023 Read More »

Zyxel Urges Customers to Patch Firewalls Against Exploited Vulnerabilities

firewall, Network Security, Vulnerabilities, Zyxel / SecurityTicks

Zyxel Urges Customers to Patch Firewalls Against Exploited Vulnerabilities 05/06/2023 at 16:47 By Ionut Arghire Zyxel urges customers to update ATP, USG Flex, VPN, and ZyWALL/USG firewalls to prevent exploitation of recent vulnerabilities. The post Zyxel Urges Customers to Patch Firewalls Against Exploited Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Zyxel Urges Customers to Patch Firewalls Against Exploited Vulnerabilities Read More »

SBOMs – Software Supply Chain Security’s Future or Fantasy?

Featured, Government, Government Policy, open source, SBOM, software, Supply Chain Security, Vulnerabilities / SecurityTicks

SBOMs – Software Supply Chain Security’s Future or Fantasy? 05/06/2023 at 14:39 By Kevin Townsend If after eighteen months, meaningful use of SBOMs is unachievable, we need to ask what needs to be done to fulfill Biden’s executive order. The post SBOMs – Software Supply Chain Security’s Future or Fantasy? appeared first on SecurityWeek. This

React to this headline:

SBOMs – Software Supply Chain Security’s Future or Fantasy? Read More »

Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards

Endpoint Security, Vulnerabilities / SecurityTicks

Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards 05/06/2023 at 14:39 By Ionut Arghire Gigabyte has announced BIOS updates that remove a recently identified backdoor feature in hundreds of its motherboards. The post Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards Read More »

In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack

Malware & Threats, news roundup, Tracking & Law Enforcement, Vulnerabilities / SecurityTicks

In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack 03/06/2023 at 14:33 By Eduard Kovacs Cybersecurity news that you may have missed this week: the spyware used by various governments, new vulnerabilities, industrial security products, and Linux router attacks. The post In Other News: Government Use of Spyware, New Industrial

React to this headline:

In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack Read More »

High-Severity Vulnerabilities Patched in Splunk Enterprise

Vulnerabilities, vulnerability / SecurityTicks

High-Severity Vulnerabilities Patched in Splunk Enterprise 02/06/2023 at 16:54 By Ionut Arghire Splunk has resolved multiple high-severity vulnerabilities in Splunk Enterprise, including bugs in third-party packages used by the product. The post High-Severity Vulnerabilities Patched in Splunk Enterprise appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

High-Severity Vulnerabilities Patched in Splunk Enterprise Read More »

Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations

Featured, MOVEit, Vulnerabilities, Zero-Day / SecurityTicks

Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations 02/06/2023 at 12:41 By Eduard Kovacs A zero-day vulnerability in Progress Software’s MOVEit Transfer product has been exploited to hack organizations and steal their data. The post Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations appeared first on SecurityWeek.

React to this headline:

Zero-Day in MOVEit File Transfer Software Exploited to Steal Data From Organizations Read More »

Google Temporarily Offering $180,000 for Full Chain Chrome Exploit

Vulnerabilities / SecurityTicks

Google Temporarily Offering $180,000 for Full Chain Chrome Exploit 02/06/2023 at 07:42 By Ionut Arghire Google is offering a bug bounty reward of up to $180,000 for a full chain exploit leading to a sandbox escape in the Chrome browser. The post Google Temporarily Offering $180,000 for Full Chain Chrome Exploit appeared first on SecurityWeek.

React to this headline:

Google Temporarily Offering $180,000 for Full Chain Chrome Exploit Read More »

Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks

ICS, ICS/OT, Vulnerabilities / SecurityTicks

Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks 01/06/2023 at 15:19 By Eduard Kovacs Critical authentication bypass and high-severity command injection vulnerabilities have been patched in Moxa’s MXsecurity product. The post Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks Read More »

Adobe Inviting Researchers to Private Bug Bounty Program

Vulnerabilities / SecurityTicks

Adobe Inviting Researchers to Private Bug Bounty Program 01/06/2023 at 13:47 By Ionut Arghire Adobe is inviting security researchers to join its private bug bounty program on the HackerOne platform. The post Adobe Inviting Researchers to Private Bug Bounty Program appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Adobe Inviting Researchers to Private Bug Bounty Program Read More »