Vulnerabilities

Researcher Conversations: Natalie Silvanovich From Google’s Project Zero

10/10/2023 at 15:37. By Kevin Townsend. SecurityWeek continues its Hacker Conversations series in a discussion with Natalie Silvanovich, a member of Google’s Project Zero. The post Researcher Conversations: Natalie Silvanovich From Google’s Project Zero appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS […]

Google Expands Bug Bounty Program With Chrome, Cloud CTF Events

09/10/2023 at 15:01. By Ionut Arghire. Google is hosting capture the flag (CTF) events focused on Chrome’s V8 engine and on Kernel-based Virtual Machine (KVM). The post Google Expands Bug Bounty Program With Chrome, Cloud CTF Events appeared first on SecurityWeek.

Patches Prepared for ‘Probably Worst’ cURL Vulnerability

09/10/2023 at 15:01. By Ionut Arghire. A high-severity vulnerability in the data transfer project cURL will be addressed with libcurl and curl updates this week. The post Patches Prepared for ‘Probably Worst’ cURL Vulnerability appeared first on SecurityWeek.

CISA Reverses Course on Malicious Exploitation of Video Conferencing Device Flaws

06/10/2023 at 13:46. By Eduard Kovacs. CISA has removed from its KEV catalog five Owl Labs video conferencing flaws that require the attacker to be in Bluetooth range.

Cisco Plugs Gaping Hole in Emergency Responder Software

05/10/2023 at 21:31. By Ryan Naraine. Cisco warns that unauthenticated, remote attackers can log into devices using the root account, which has default, static credentials that cannot be changed or deleted. The post Cisco Plugs Gaping Hole in Emergency Responder Software appeared first on SecurityWeek.

Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day

04/10/2023 at 22:16. By Ryan Naraine. Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform are showing no signs of slowing down. The post Apple Warns of Newly Exploited iOS 17 Kernel Zero-Day appeared first on SecurityWeek.

Atlassian Ships Urgent Patch for Exploited Confluence Zero-Day

04/10/2023 at 20:16. By Ryan Naraine. Atlassian confirms that “a handful of customers” were hit by exploits targeting a remotely exploitable flaw in its Confluence Data Center and Server products. The post Atlassian Ships Urgent Patch for Exploited Confluence Zero-Day appeared first on SecurityWeek.

New Supermicro BMC Vulnerabilities Could Expose Many Servers to Remote Attacks

04/10/2023 at 18:16. By Ionut Arghire. Supermicro has released BMC IPMI firmware updates to address multiple vulnerabilities impacting select motherboard models. The post New Supermicro BMC Vulnerabilities Could Expose Many Servers to Remote Attacks appeared first on SecurityWeek.

Severe Glibc Privilege Escalation Vulnerability Impacts Major Linux Distributions

04/10/2023 at 16:16. By Ionut Arghire. A local privilege escalation vulnerability (CVE-2023-4911) in the GNU C Library (glibc) can be exploited to gain full root privileges. The post Severe Glibc Privilege Escalation Vulnerability Impacts Major Linux Distributions appeared first on SecurityWeek.

Qualcomm Patches 3 Zero-Days Reported by Google

04/10/2023 at 13:31. By Eduard Kovacs. Qualcomm has patched more than two dozen vulnerabilities, including three zero-days that may have been exploited by spyware vendors. The post Qualcomm Patches 3 Zero-Days Reported by Google appeared first on SecurityWeek.

Critical TorchServe Flaws Could Expose AI Infrastructure of Major Companies

03/10/2023 at 19:18. By Eduard Kovacs. ShellTorch attack chains critical TorchServe vulnerabilities and could completely compromise the AI infrastructure of major companies. The post Critical TorchServe Flaws Could Expose AI Infrastructure of Major Companies appeared first on SecurityWeek.

Companies Address Impact of Exploited Libwebp Vulnerability 

03/10/2023 at 12:46. By Eduard Kovacs. Companies have addressed the impact of the exploited Libwebp vulnerability CVE-2023-4863 on their products. The post Companies Address Impact of Exploited Libwebp Vulnerability appeared first on SecurityWeek.

Live Exploitation Underscores Urgency to Patch Critical WS-FTP Server Flaw

02/10/2023 at 20:17. By Ryan Naraine. Rapid7 says attackers are targeting a critical pre-authentication flaw in Progress Software’s WS_FTP server just days after disclosure. The post Live Exploitation Underscores Urgency to Patch Critical WS-FTP Server Flaw appeared first on SecurityWeek.

Unpatched Exim Vulnerabilities Expose Many Mail Servers to Attacks 

02/10/2023 at 14:48. By Eduard Kovacs. Patches are being developed for serious Exim vulnerabilities that could expose many mail servers to attacks. The post Unpatched Exim Vulnerabilities Expose Many Mail Servers to Attacks appeared first on SecurityWeek.

Recently Patched TeamCity Vulnerability Exploited to Hack Servers

02/10/2023 at 13:01. By Eduard Kovacs. In-the-wild exploitation of a critical vulnerability in the TeamCity CI/CD server started shortly after a patch was released by developers. The post Recently Patched TeamCity Vulnerability Exploited to Hack Servers appeared first on SecurityWeek.

CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks

29/09/2023 at 16:46. By Eduard Kovacs. CISA has added CVE-2018-14667, an old critical JBoss RichFaces flaw, to its known exploited vulnerabilities catalog. The post CISA Warns of Old JBoss RichFaces Vulnerability Being Exploited in Attacks appeared first on SecurityWeek.

Hackers Set Sights on Apache NiFi Flaw That Exposes Many Organizations to Attacks

29/09/2023 at 16:46. By Ionut Arghire. Hackers have set their sights on CVE-2023-34468, an RCE vulnerability in Apache NiFi that impacts thousands of organizations.

Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers

29/09/2023 at 14:31. By Ionut Arghire. Gaps in Cloudflare’s security controls allow users to bypass protections and target others from the platform itself. The post Cloudflare Users Exposed to Attacks Launched From Within Cloudflare: Researchers appeared first on SecurityWeek.

Progress Software Patches Critical Pre-Auth Flaws in WS_FTP Server Product 

28/09/2023 at 22:48. By Ryan Naraine. Progress Software ships patches for critical-severity flaws in its WS_FTP file transfer software and warns that a pre-authenticated attacker could wreak havoc on the underlying operating system.

Cisco Warns of IOS Software Zero-Day Exploitation Attempts

28/09/2023 at 15:32. By Ionut Arghire. Cisco has released patches for a vulnerability in the GET VPN feature of IOS and IOS XE software that has been exploited in attacks. The post Cisco Warns of IOS Software Zero-Day Exploitation Attempts appeared first on SecurityWeek.
