Vulnerabilities

Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion

Application Security, Ransomware, Vulnerabilities /

Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion 11/07/2023 at 20:33 By Ryan Naraine Software maker calls special attention to CVE-2023-29300, a deserialization of untrusted data bug with a CVSS severity score of 9.8/10. The post Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion appeared first on SecurityWeek. This article is an excerpt from SecurityWeek […]

React to this headline:

Loading spinner

Adobe Patch Tuesday: Critical Flaws Haunt InDesign, ColdFusion Read More »

Apple Ships Urgent iOS Patch for WebKit Zero-Day

apple, CVE-2023-37450, Incident Response, iOS, iPadOS, Mobile & Wireless, Vulnerabilities, WebKit, Zero-Day /

Apple Ships Urgent iOS Patch for WebKit Zero-Day 11/07/2023 at 02:02 By Ryan Naraine Apple rolls out urgent iOS and iPadOS software updates and warned that zero-day exploitation has already been detected. The post Apple Ships Urgent iOS Patch for WebKit Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

Apple Ships Urgent iOS Patch for WebKit Zero-Day Read More »

Exploit Code Published for Remote Root Flaw in VMware Logging Software

Application Security, CISA, CVE-2023-20864, Network Security, VMWare, VMware aria Operations for Logs, vrealize, Vulnerabilities /

Exploit Code Published for Remote Root Flaw in VMware Logging Software 10/07/2023 at 23:02 By Ryan Naraine VMware confirmed that exploit code for CVE-2023-20864 has been published, underscoring the urgency for enterprise network admins to apply available patches. The post Exploit Code Published for Remote Root Flaw in VMware Logging Software appeared first on SecurityWeek.

React to this headline:

Loading spinner

Exploit Code Published for Remote Root Flaw in VMware Logging Software Read More »

Critical Vulnerability Can Allow Takeover of Mastodon Servers

Mastodon, Vulnerabilities, vulnerability /

Critical Vulnerability Can Allow Takeover of Mastodon Servers 10/07/2023 at 17:17 By Ionut Arghire A critical vulnerability in the Mastodon social networking platform may allow attackers to take over target servers. The post Critical Vulnerability Can Allow Takeover of Mastodon Servers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Critical Vulnerability Can Allow Takeover of Mastodon Servers Read More »

PoC Exploit Published for Recent Ubiquiti EdgeRouter Vulnerability

Vulnerabilities /

PoC Exploit Published for Recent Ubiquiti EdgeRouter Vulnerability 10/07/2023 at 17:17 By Ionut Arghire PoC exploit has been published for a recently patched Ubiquiti EdgeRouter vulnerability leading to arbitrary code execution. The post PoC Exploit Published for Recent Ubiquiti EdgeRouter Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

PoC Exploit Published for Recent Ubiquiti EdgeRouter Vulnerability Read More »

After Zero-Day Attacks, MOVEit Turns to Security Service Packs

CVE-2023-36932, CVE-2023-36933, CVE-2023-36934, cybercrime, Progress Software, Ransomware, Vulnerabilities, Zero-Day /

After Zero-Day Attacks, MOVEit Turns to Security Service Packs 07/07/2023 at 20:31 By Ryan Naraine Facing ransomware zero-days, Progress Software will release regular service packs to help customers mitigate critical security flaws. The post After Zero-Day Attacks, MOVEit Turns to Security Service Packs appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

After Zero-Day Attacks, MOVEit Turns to Security Service Packs Read More »

In Other News: Healthcare Product Flaws, Free Email Security Testing, New Attack Techniques

email security, In Other News, Malware & Threats, Vulnerabilities /

In Other News: Healthcare Product Flaws, Free Email Security Testing, New Attack Techniques 07/07/2023 at 18:31 By SecurityWeek News Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of July 3, 2023. The post In Other News: Healthcare Product Flaws, Free Email Security

React to this headline:

Loading spinner

In Other News: Healthcare Product Flaws, Free Email Security Testing, New Attack Techniques Read More »

StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs

kernel, Linux, StackRot, Vulnerabilities, vulnerability /

StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs 06/07/2023 at 14:46 By Eduard Kovacs A new Linux kernel vulnerability tracked as StackRot and CVE-2023-3269 shows the exploitability of use-after-free-by-RCU (UAFBR) bugs. The post StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

StackRot Linux Kernel Vulnerability Shows Exploitability of UAFBR Bugs Read More »

Vulnerability in Cisco Enterprise Switches Allows Attackers to Modify Encrypted Traffic

Vulnerabilities /

Vulnerability in Cisco Enterprise Switches Allows Attackers to Modify Encrypted Traffic 06/07/2023 at 13:34 By Ionut Arghire Cisco says a high-severity vulnerability in Nexus 9000 series switches could allow attackers to intercept and modify encrypted traffic. The post Vulnerability in Cisco Enterprise Switches Allows Attackers to Modify Encrypted Traffic appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Vulnerability in Cisco Enterprise Switches Allows Attackers to Modify Encrypted Traffic Read More »

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks

ICS/OT, Vulnerabilities /

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks 05/07/2023 at 17:02 By Eduard Kovacs An actively exploited vulnerability in the Contec SolarView solar power monitoring product can expose hundreds of energy organizations to attacks. The post Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks Read More »

Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities

Vulnerabilities /

Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities 05/07/2023 at 14:15 By Ionut Arghire Mozilla has released Firefox 115 to the stable channel with patches for two high-severity use-after-free vulnerabilities. The post Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this

React to this headline:

Loading spinner

Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities Read More »

In Other News: Hospital Infected via USB Drive, EU Cybersecurity Rules, Free Security Tools

Government, ICS/OT, In Other News, Vulnerabilities /

In Other News: Hospital Infected via USB Drive, EU Cybersecurity Rules, Free Security Tools 30/06/2023 at 17:46 By SecurityWeek News Weekly cybersecurity news roundup that provides a summary of noteworthy stories that might have slipped under the radar for the week of June 26, 2023. The post In Other News: Hospital Infected via USB Drive,

React to this headline:

Loading spinner

In Other News: Hospital Infected via USB Drive, EU Cybersecurity Rules, Free Security Tools Read More »

200,000 WordPress Sites Exposed to Attacks Exploiting Flaw in ‘Ultimate Member’ Plugin

Vulnerabilities /

200,000 WordPress Sites Exposed to Attacks Exploiting Flaw in ‘Ultimate Member’ Plugin 30/06/2023 at 16:18 By Ionut Arghire Attackers exploit critical vulnerability in the Ultimate Member plugin to create administrative accounts on WordPress websites. The post 200,000 WordPress Sites Exposed to Attacks Exploiting Flaw in ‘Ultimate Member’ Plugin appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

200,000 WordPress Sites Exposed to Attacks Exploiting Flaw in ‘Ultimate Member’ Plugin Read More »

Samsung Phone Flaws Added to CISA ‘Must Patch’ List Likely Exploited by Spyware Vendor

CISA, exploited, Mobile & Wireless, Samsung, Vulnerabilities /

Samsung Phone Flaws Added to CISA ‘Must Patch’ List Likely Exploited by Spyware Vendor 30/06/2023 at 16:18 By Eduard Kovacs CISA adds 6 Samsung mobile device flaws to its known exploited vulnerabilities catalog and they have likely been exploited by a spyware vendor. The post Samsung Phone Flaws Added to CISA ‘Must Patch’ List Likely

React to this headline:

Loading spinner

Samsung Phone Flaws Added to CISA ‘Must Patch’ List Likely Exploited by Spyware Vendor Read More »

MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses

Application Security, CWE, MITRE, Vulnerabilities, vulnerability /

MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses 30/06/2023 at 15:16 By Ionut Arghire Use-after-free and OS command injection vulnerabilities reach the top five most dangerous software weaknesses in the 2023 CWE Top 25 list. The post MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

MITRE Updates CWE Top 25 Most Dangerous Software Weaknesses Read More »

Serious Vulnerability Exposes Admin Interface of Arcserve UDP Backup Solution

Arcserve, Vulnerabilities, vulnerability /

Serious Vulnerability Exposes Admin Interface of Arcserve UDP Backup Solution 29/06/2023 at 16:47 By Ionut Arghire Researchers publish PoC for a high-severity authentication bypass vulnerability in the Arcserve UDP data backup solution. The post Serious Vulnerability Exposes Admin Interface of Arcserve UDP Backup Solution appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Serious Vulnerability Exposes Admin Interface of Arcserve UDP Backup Solution Read More »

Chrome 114 Update Patches High-Severity Vulnerabilities

Vulnerabilities /

Chrome 114 Update Patches High-Severity Vulnerabilities 27/06/2023 at 15:18 By Ionut Arghire Google says it handed out $35,000 in bug bounty rewards for three high-severity vulnerabilities in Chrome 114. The post Chrome 114 Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to

React to this headline:

Loading spinner

Chrome 114 Update Patches High-Severity Vulnerabilities Read More »

Fortinet Patches Critical RCE Vulnerability in FortiNAC

Vulnerabilities /

Fortinet Patches Critical RCE Vulnerability in FortiNAC 26/06/2023 at 18:36 By Ionut Arghire Fortinet releases patches for a critical FortiNAC vulnerability leading to remote code execution without authentication. The post Fortinet Patches Critical RCE Vulnerability in FortiNAC appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to

React to this headline:

Loading spinner

Fortinet Patches Critical RCE Vulnerability in FortiNAC Read More »

Remotely Exploitable DoS Vulnerabilities Patched in BIND

Vulnerabilities /

Remotely Exploitable DoS Vulnerabilities Patched in BIND 26/06/2023 at 14:47 By Ionut Arghire The latest BIND updates address three high-severity, remotely exploitable vulnerabilities leading to denial-of-service (DoS). The post Remotely Exploitable DoS Vulnerabilities Patched in BIND appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this

React to this headline:

Loading spinner

Remotely Exploitable DoS Vulnerabilities Patched in BIND Read More »

NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections

bootkit, firmware, Malware & Threats, NSA, UEFI, Vulnerabilities /

NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections 23/06/2023 at 20:58 By Ionut Arghire The National Security Agency (NSA) has released mitigation guidance to help organizations stave off BlackLotus UEFI bootkit infections. The post NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

NSA Issues Guidance on Mitigating BlackLotus Bootkit Infections Read More »

Scroll to Top