Vulnerabilities

Third Recent Ivanti Vulnerability Exploited in the Wild

Third Recent Ivanti Vulnerability Exploited in the Wild 2024-09-25 at 14:17 By Eduard Kovacs CVE-2024-7593 is the third Ivanti product vulnerability patched in recent months that has been exploited in the wild. The post Third Recent Ivanti Vulnerability Exploited in the Wild appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed […]

Third Recent Ivanti Vulnerability Exploited in the Wild Read More »

Second Pwn2Own Automotive Contest Offers Over $1 Million in Prizes

Second Pwn2Own Automotive Contest Offers Over $1 Million in Prizes 2024-09-25 at 14:17 By Ionut Arghire ZDI offers over $1 million in cash and prizes at the next Pwn2Own Automotive hacking contest, set for January 2025 in Tokyo. The post Second Pwn2Own Automotive Contest Offers Over $1 Million in Prizes appeared first on SecurityWeek. This

Second Pwn2Own Automotive Contest Offers Over $1 Million in Prizes Read More »

HTML Smuggling: How Blob URLs are Abused to Deliver Phishing Content

HTML Smuggling: How Blob URLs are Abused to Deliver Phishing Content 2024-09-24 at 16:01 By Mike Casayuran HTML smuggling techniques have been around for quite some time. A previous Trustwave SpiderLabs’ blog discussed its use in distributing malware by storing binaries in immutable blob data within JavaScript code that gets decoded on the client-side browser, eventually delivering

HTML Smuggling: How Blob URLs are Abused to Deliver Phishing Content Read More »

ESET Patches Privilege Escalation Vulnerabilities in Windows, macOS Products

ESET Patches Privilege Escalation Vulnerabilities in Windows, macOS Products 2024-09-23 at 17:02 By Ionut Arghire ESET has released patches for two local privilege escalation vulnerabilities in security products for Windows and macOS. The post ESET Patches Privilege Escalation Vulnerabilities in Windows, macOS Products appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

ESET Patches Privilege Escalation Vulnerabilities in Windows, macOS Products Read More »

CERT/CC Warns of Unpatched Critical Vulnerability in Microchip ASF

CERT/CC Warns of Unpatched Critical Vulnerability in Microchip ASF 2024-09-23 at 17:02 By Eduard Kovacs Microchip Advanced Software Framework (ASF) 3 is affected by a critical vulnerability that could lead to remote code execution. The post CERT/CC Warns of Unpatched Critical Vulnerability in Microchip ASF appeared first on SecurityWeek. This article is an excerpt from

CERT/CC Warns of Unpatched Critical Vulnerability in Microchip ASF Read More »

Versa Networks Patches Vulnerability Exposing Authentication Tokens

Versa Networks Patches Vulnerability Exposing Authentication Tokens 2024-09-23 at 15:01 By Ionut Arghire Versa Networks has released patches for a Versa Director vulnerability for which proof-of-concept (PoC) code exists. The post Versa Networks Patches Vulnerability Exposing Authentication Tokens appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

Versa Networks Patches Vulnerability Exposing Authentication Tokens Read More »

Ivanti Warns of Second CSA Vulnerability Exploited in Attacks

Ivanti Warns of Second CSA Vulnerability Exploited in Attacks 2024-09-20 at 11:46 By Eduard Kovacs In addition to the Ivanti CSA flaw CVE-2024-8190, another vulnerability affecting the same product, tracked as CVE-2024-8963, has been exploited. The post Ivanti Warns of Second CSA Vulnerability Exploited in Attacks appeared first on SecurityWeek. This article is an excerpt

Ivanti Warns of Second CSA Vulnerability Exploited in Attacks Read More »

Atlassian Patches Vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd

Atlassian Patches Vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd 2024-09-19 at 15:46 By Ionut Arghire Atlassian’s September 2024 monthly security bulletin details multiple high-severity vulnerabilities in four products. The post Atlassian Patches Vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

Atlassian Patches Vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd Read More »

GitLab Patches Critical Authentication Bypass Vulnerability

GitLab Patches Critical Authentication Bypass Vulnerability 2024-09-19 at 13:16 By Ionut Arghire GitLab has patched a critical-severity SAML authentication bypass affecting both Community Edition (CE) and Enterprise Edition (EE) instances. The post GitLab Patches Critical Authentication Bypass Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

GitLab Patches Critical Authentication Bypass Vulnerability Read More »

CISA, FBI Urge Organizations to Eliminate XSS Vulnerabilities

CISA, FBI Urge Organizations to Eliminate XSS Vulnerabilities 2024-09-18 at 15:31 By Ionut Arghire CISA and the FBI have released an alert on XSS vulnerabilities, urging organizations to adopt a secure by design approach and eliminate them. The post CISA, FBI Urge Organizations to Eliminate XSS Vulnerabilities appeared first on SecurityWeek. This article is an

CISA, FBI Urge Organizations to Eliminate XSS Vulnerabilities Read More »

Chrome 129 Patches High-Severity Vulnerability in V8 Engine

Chrome 129 Patches High-Severity Vulnerability in V8 Engine 2024-09-18 at 15:31 By Ionut Arghire Google has released Chrome 129 with patches for nine vulnerabilities, including a high-severity bug in the V8 engine. The post Chrome 129 Patches High-Severity Vulnerability in V8 Engine appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

Chrome 129 Patches High-Severity Vulnerability in V8 Engine Read More »

VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest

VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest 2024-09-17 at 22:31 By Ryan Naraine VMware warned that an attacker with network access could send a specially crafted packet to execute remote code. CVSS severity score 9.8/10. The post VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest appeared first on

VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest Read More »

D-Link Patches Critical Router Vulnerabilities

D-Link Patches Critical Router Vulnerabilities 2024-09-17 at 17:34 By Ionut Arghire D-Link has released patches for critical vulnerabilities that could allow attackers to execute arbitrary code and commands on routers. The post D-Link Patches Critical Router Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

D-Link Patches Critical Router Vulnerabilities Read More »

ALPHV BlackCat Ransomware: A Technical Deep Dive and Mitigation Strategies

ALPHV BlackCat Ransomware: A Technical Deep Dive and Mitigation Strategies 2024-09-17 at 16:01 By ALPHV, also known as BlackCat or Noberus, is a sophisticated ransomware group targeting critical infrastructure and various organizations, including being the most active group used to attack the financial services sector. This article is an excerpt from Trustwave Blog View Original

ALPHV BlackCat Ransomware: A Technical Deep Dive and Mitigation Strategies Read More »

Spam With A Political Twist: Fraudsters Are Exploiting The Election Season

Spam With A Political Twist: Fraudsters Are Exploiting The Election Season 2024-09-17 at 16:01 By The US election is less than 70 days away and threat actors are busy crafting malicious spam that uses candidate names and political themes as social engineering tools to convince recipients to open their emails. This article is an excerpt

Spam With A Political Twist: Fraudsters Are Exploiting The Election Season Read More »

Recent WhatsUp Gold Vulnerabilities Possibly Exploited in Ransomware Attacks

Recent WhatsUp Gold Vulnerabilities Possibly Exploited in Ransomware Attacks 2024-09-17 at 13:01 By Eduard Kovacs Two recently patched Progress Software WhatsUp Gold vulnerabilities may have been exploited in the wild, possibly in ransomware attacks. The post Recent WhatsUp Gold Vulnerabilities Possibly Exploited in Ransomware Attacks appeared first on SecurityWeek. This article is an excerpt from

Recent WhatsUp Gold Vulnerabilities Possibly Exploited in Ransomware Attacks Read More »

Apple Patches Major Security Flaws with iOS 18 Refresh

Apple Patches Major Security Flaws with iOS 18 Refresh 2024-09-16 at 23:13 By Ryan Naraine Apple warns that attackers can use Siri to access sensitive user data, control nearby devices, or view recent photos without authentication.  The post Apple Patches Major Security Flaws with iOS 18 Refresh appeared first on SecurityWeek. This article is an

Apple Patches Major Security Flaws with iOS 18 Refresh Read More »

Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day

Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day 2024-09-16 at 14:46 By Ionut Arghire Microsoft warns that a recently patched Windows vulnerability was exploited in the wild as a zero-day prior to July 2024. The post Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Microsoft Says Recent Windows Vulnerability Exploited as Zero-Day Read More »

Ivanti CSA Vulnerability Exploited in Attacks Days After DIsclosure

Ivanti CSA Vulnerability Exploited in Attacks Days After DIsclosure 2024-09-16 at 12:31 By Eduard Kovacs The Ivanti Cloud Service Appliance vulnerability CVE-2024-8190 has been exploited in the wild, with attacks starting just days after disclosure. The post Ivanti CSA Vulnerability Exploited in Attacks Days After DIsclosure appeared first on SecurityWeek. This article is an excerpt

Ivanti CSA Vulnerability Exploited in Attacks Days After DIsclosure Read More »

SolarWinds Patches Critical Vulnerability in Access Rights Manager

SolarWinds Patches Critical Vulnerability in Access Rights Manager 2024-09-16 at 12:31 By Ionut Arghire SolarWinds has announced patches for a critical-severity remote code execution vulnerability in Access Rights Manager. The post SolarWinds Patches Critical Vulnerability in Access Rights Manager appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

SolarWinds Patches Critical Vulnerability in Access Rights Manager Read More »

Scroll to Top