Vulnerabilities

Microsoft Tackling Windows Logfile Flaws With New HMAC-Based Security Mitigation

CLFS, exploit mitigation, HMAC, Microsoft, Ransomware, Security Architecture, Vulnerabilities /

Microsoft Tackling Windows Logfile Flaws With New HMAC-Based Security Mitigation 2024-09-04 at 20:46 By Ryan Naraine Microsoft is experimenting with a major new security mitigation to block attacks targeting flaws in the Windows Common Log File System (CLFS). The post Microsoft Tackling Windows Logfile Flaws With New HMAC-Based Security Mitigation appeared first on SecurityWeek. This […]

Microsoft Tackling Windows Logfile Flaws With New HMAC-Based Security Mitigation Read More »

Zyxel Patches Critical Vulnerabilities in Networking Devices

Vulnerabilities, Zyxel /

Zyxel Patches Critical Vulnerabilities in Networking Devices 2024-09-04 at 15:31 By Ionut Arghire Zyxel has released patches for multiple vulnerabilities in its networking devices, including a critical flaw impacting access points and security routers. The post Zyxel Patches Critical Vulnerabilities in Networking Devices appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

Zyxel Patches Critical Vulnerabilities in Networking Devices Read More »

D-Link Warns of Code Execution Flaws in Discontinued Router Model

D-Link, Vulnerabilities, vulnerability /

D-Link Warns of Code Execution Flaws in Discontinued Router Model 2024-09-04 at 13:46 By Ionut Arghire D-Link warns of multiple remote code execution vulnerabilities impacting its discontinued DIR-846 router model. The post D-Link Warns of Code Execution Flaws in Discontinued Router Model appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

D-Link Warns of Code Execution Flaws in Discontinued Router Model Read More »

CISA Warns of Critical ICS Vulnerabilities in Rockwell and Delta Electronics

Vulnerabilities, vulnerability /

CISA Warns of Critical ICS Vulnerabilities in Rockwell and Delta Electronics 2024-09-04 at 11:02 By Cyble Key Takeaways  Overview  On August 29, the Cybersecurity and Infrastructure Security Agency (CISA) released three advisories to warn users and administrators of several critical vulnerabilities affecting industrial control systems (ICS) from prominent vendors.  Cyble’s ICS vulnerabilities report last week

CISA Warns of Critical ICS Vulnerabilities in Rockwell and Delta Electronics Read More »

VMware Patches High-Severity Code Execution Flaw in Fusion

code execution, CVE-2024-38811, virtualization, VMWare, Vulnerabilities /

VMware Patches High-Severity Code Execution Flaw in Fusion 2024-09-03 at 19:16 By Ionut Arghire VMware rolls out patch for a high-severity code execution vulnerability in the Fusion hypervisor. The post VMware Patches High-Severity Code Execution Flaw in Fusion appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

VMware Patches High-Severity Code Execution Flaw in Fusion Read More »

Chrome 128 Updates Patch High-Severity Vulnerabilities

Chrome, Vulnerabilities /

Chrome 128 Updates Patch High-Severity Vulnerabilities 2024-09-03 at 11:46 By Ionut Arghire Google has released two Chrome 128 updates to address six high-severity vulnerabilities reported by external researchers. The post Chrome 128 Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

Chrome 128 Updates Patch High-Severity Vulnerabilities Read More »

Microsoft Says North Korean Cryptocurrency Thieves Behind Chrome Zero-Day

Citrine Sleet, CVE-2024-7971, Google Chrome, Microsoft, Vulnerabilities /

Microsoft Says North Korean Cryptocurrency Thieves Behind Chrome Zero-Day 2024-08-31 at 00:01 By Ryan Naraine Redmond’s threat intel team said exploitation of CVE-2024-7971 can be attributed to a North Korean APT targeting the cryptocurrency sector for financial gain. The post Microsoft Says North Korean Cryptocurrency Thieves Behind Chrome Zero-Day appeared first on SecurityWeek. This article

Microsoft Says North Korean Cryptocurrency Thieves Behind Chrome Zero-Day Read More »

Fortra Patches Critical Vulnerability in FileCatalyst Workflow

Fortra, Vulnerabilities, vulnerability /

Fortra Patches Critical Vulnerability in FileCatalyst Workflow 2024-08-30 at 14:31 By Ionut Arghire Fortra limits access to FileCatalyst Workflow database after vendor knowledgebase article leaks default credentials. The post Fortra Patches Critical Vulnerability in FileCatalyst Workflow appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

Fortra Patches Critical Vulnerability in FileCatalyst Workflow Read More »

Critical Flaws in Progress Software WhatsUp Gold Expose Systems to Full Compromise

Vulnerabilities, vulnerability /

Critical Flaws in Progress Software WhatsUp Gold Expose Systems to Full Compromise 2024-08-30 at 11:46 By Ionut Arghire Censys warns of over 1,200 internet-accessible WhatsUp Gold instances potentially exposed to malicious attacks. The post Critical Flaws in Progress Software WhatsUp Gold Expose Systems to Full Compromise appeared first on SecurityWeek. This article is an excerpt

Critical Flaws in Progress Software WhatsUp Gold Expose Systems to Full Compromise Read More »

Incident Response Testing: An Australian Perspective

DFIR, Emerging Threats, penetration testing, Trustwave Rapid Response, Vulnerabilities /

Incident Response Testing: An Australian Perspective 2024-08-29 at 16:02 By In today’s rapidly evolving digital landscape, organizations must be prepared for the inevitable occurrence of cybersecurity incidents. Incident response testing is a critical component of a robust cybersecurity strategy, ensuring an organization can swiftly and effectively respond to incidents when they occur. This article highlights

Incident Response Testing: An Australian Perspective Read More »

Cisco Patches Multiple NX-OS Software Vulnerabilities

Cisco, Vulnerabilities, vulnerability /

Cisco Patches Multiple NX-OS Software Vulnerabilities 2024-08-29 at 15:16 By Ionut Arghire Cisco on Wednesday announced NX-OS software updates that resolve multiple vulnerabilities, including a high-severity DoS bug. The post Cisco Patches Multiple NX-OS Software Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

Cisco Patches Multiple NX-OS Software Vulnerabilities Read More »

Google Now Offering Up to $250,000 for Chrome Vulnerabilities

bug bounty program, Chrome, Vulnerabilities /

Google Now Offering Up to $250,000 for Chrome Vulnerabilities 2024-08-28 at 21:16 By Ionut Arghire Google has significantly increased the rewards for Chrome browser vulnerabilities, offering up to $250,000 for remote code execution bugs. The post Google Now Offering Up to $250,000 for Chrome Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from

Google Now Offering Up to $250,000 for Chrome Vulnerabilities Read More »

Second Apache OFBiz Vulnerability Exploited in Attacks

Apache OFBiz, CISA KEV, exploited, Vulnerabilities, vulnerability /

Second Apache OFBiz Vulnerability Exploited in Attacks 2024-08-28 at 14:01 By Eduard Kovacs CISA is warning organizations that a second Apache OFBiz flaw is being exploited in the wild shortly after the release of PoC exploits. The post Second Apache OFBiz Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt from

Second Apache OFBiz Vulnerability Exploited in Attacks Read More »

Protecting Patient Safety: Trustwave’s Role in Healthcare Cybersecurity

Database Protection, database security, Emerging Threats, penetration testing, Vulnerabilities /

Protecting Patient Safety: Trustwave’s Role in Healthcare Cybersecurity 2024-08-27 at 19:16 By The healthcare industry’s digital transformation has brought unprecedented advancements in patient care. However, it has also introduced new vulnerabilities that put sensitive patient data at risk. This article is an excerpt from Trustwave Blog View Original Source

Protecting Patient Safety: Trustwave’s Role in Healthcare Cybersecurity Read More »

Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites

Vulnerabilities, WordPress /

Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites 2024-08-27 at 18:16 By Ionut Arghire A critical vulnerability in the WPML WordPress plugin could allow a remote attacker to execute arbitrary code on the server. The post Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites appeared first on

Code Execution Vulnerability Found in WPML Plugin Installed on 1M WordPress Sites Read More »

Google Warns of Exploited Chrome Vulnerability

Chrome, exploited, Vulnerabilities, Zero-Day /

Google Warns of Exploited Chrome Vulnerability 2024-08-27 at 13:33 By Ionut Arghire Google flags another high-severity vulnerability patched with the latest Chrome 128 release as exploited in the wild. The post Google Warns of Exploited Chrome Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

Google Warns of Exploited Chrome Vulnerability Read More »

SonicWall Patches Critical SonicOS Vulnerability 

SonicWall, Vulnerabilities, vulnerability /

SonicWall Patches Critical SonicOS Vulnerability  2024-08-26 at 16:16 By Eduard Kovacs SonicWall has patched CVE-2024-40766, a critical SonicOS vulnerability that can lead to unauthorized access or a firewall crash. The post SonicWall Patches Critical SonicOS Vulnerability  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

SonicWall Patches Critical SonicOS Vulnerability  Read More »

SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw

exploited, patch, SolarWinds, Vulnerabilities /

SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw 2024-08-23 at 11:17 By Ionut Arghire SolarWinds has issued a Web Help Desk hotfix to remove hardcoded credentials from last week’s hotfix for a critical-severity vulnerability. The post SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw appeared first on SecurityWeek. This

SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw Read More »

China-Linked ‘Velvet Ant’ Hackers Exploited Zero-Day to Deploy Malware on Cisco Nexus Switches

Cisco, Nation-State, Network Security, Vulnerabilities, vulnerability /

China-Linked ‘Velvet Ant’ Hackers Exploited Zero-Day to Deploy Malware on Cisco Nexus Switches 2024-08-22 at 20:03 By Kevin Townsend Hackers gained access to the switch using valid administrator credentials, and then ‘jailbroke’ from the application level into the OS level. The post China-Linked ‘Velvet Ant’ Hackers Exploited Zero-Day to Deploy Malware on Cisco Nexus Switches

China-Linked ‘Velvet Ant’ Hackers Exploited Zero-Day to Deploy Malware on Cisco Nexus Switches Read More »

Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware

CVE-2021-44228, Datadog, Log4j, Log4Shell, Malware & Threats, Vulnerabilities /

Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware 2024-08-22 at 19:01 By Ryan Naraine More than two years after the Log4j crisis, organizations are still being hit by crypto-currency miners and backdoor scripts. The post Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware appeared first on SecurityWeek. This article

Two Years On, Log4Shell Vulnerability Still Being Exploited to Deploy Malware Read More »

Scroll to Top