Vulnerabilities - Security Ticks

In Other News: European Banks Put to Test, Voting DDoS Attacks, Tenable Exploring Sale

In Other News, Vulnerabilities / SecurityTicks

In Other News: European Banks Put to Test, Voting DDoS Attacks, Tenable Exploring Sale 2024-08-02 at 17:16 By SecurityWeek News Noteworthy stories that might have slipped under the radar: over 100 European banks undergo cyber resilience test, DDoS attacks don’t impact voting, and Tenable exploring a potential sale. The post In Other News: European Banks […]

In Other News: European Banks Put to Test, Voting DDoS Attacks, Tenable Exploring Sale Read More »

CISA Warns of Avtech Camera Vulnerability Exploited in Wild

exploited, Vulnerabilities, vulnerability / SecurityTicks

CISA Warns of Avtech Camera Vulnerability Exploited in Wild 2024-08-02 at 13:46 By Eduard Kovacs An Avtech camera vulnerability that likely remains unfixed has been exploited in the wild, according to CISA. The post CISA Warns of Avtech Camera Vulnerability Exploited in Wild appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

CISA Warns of Avtech Camera Vulnerability Exploited in Wild Read More »

Exploited Vulnerability Could Impact 20k Internet-Exposed VMware ESXi Instances

exploited, Ransomware, VMWare, VMware ESXi, Vulnerabilities / SecurityTicks

Exploited Vulnerability Could Impact 20k Internet-Exposed VMware ESXi Instances 2024-08-01 at 16:16 By Ionut Arghire Shadowserver has observed over 20,000 internet-accessible VMware ESXi instances impacted by an exploited vulnerability. The post Exploited Vulnerability Could Impact 20k Internet-Exposed VMware ESXi Instances appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

Exploited Vulnerability Could Impact 20k Internet-Exposed VMware ESXi Instances Read More »

Homebrew Security Audit Finds 25 Vulnerabilities

Application Security, audit, Homebrew, Vulnerabilities, vulnerability / SecurityTicks

Homebrew Security Audit Finds 25 Vulnerabilities 2024-08-01 at 15:16 By Ionut Arghire Vulnerabilities in Homebrew could have allowed attackers to load executable code and modify binary builds, security audit finds. The post Homebrew Security Audit Finds 25 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

Homebrew Security Audit Finds 25 Vulnerabilities Read More »

Apple Rolls Out Security Updates for iOS, macOS

apple, patch, Vulnerabilities / SecurityTicks

Apple Rolls Out Security Updates for iOS, macOS 2024-07-30 at 12:01 By Ionut Arghire Apple has released security patches for dozens of vulnerabilities in iOS, macOS, tvOS, visionOS, watchOS, and Safari. The post Apple Rolls Out Security Updates for iOS, macOS appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

Apple Rolls Out Security Updates for iOS, macOS Read More »

Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw

CVE-2024-37085, Microsoft, Ransomware, VMWare, VMware ESXi, Vulnerabilities / SecurityTicks

Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw 2024-07-29 at 21:46 By Ryan Naraine VMware did not mention in-the-wild exploitation for CVE-2024-37085 but Microsoft says ransomware gangs are abusing the just-patched flaw. The post Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

Microsoft Says Ransomware Gangs Exploiting Just-Patched VMware ESXi Flaw Read More »

Acronis Product Vulnerability Exploited in the Wild

Acronis, exploited, Vulnerabilities / SecurityTicks

Acronis Product Vulnerability Exploited in the Wild 2024-07-29 at 15:16 By Ionut Arghire Acronis warns of a critical-severity Acronis Cyber Infrastructure (ACI) vulnerability being exploited in attacks. The post Acronis Product Vulnerability Exploited in the Wild appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

Acronis Product Vulnerability Exploited in the Wild Read More »

Millions of Websites Susceptible XSS Attack via OAuth Implementation Flaw

Application Security, Featured, OAuth, Vulnerabilities, XSS / SecurityTicks

Millions of Websites Susceptible XSS Attack via OAuth Implementation Flaw 2024-07-29 at 15:16 By Kevin Townsend Researchers discovered and published details of an XSS attack that could potentially impact millions of websites around the world. The post Millions of Websites Susceptible XSS Attack via OAuth Implementation Flaw appeared first on SecurityWeek. This article is an

Millions of Websites Susceptible XSS Attack via OAuth Implementation Flaw Read More »

Progress Patches Critical Telerik Report Server Vulnerability

CISA, CVE-2024-6327, ICS/OT, Progress Software, Telerik Report Server, Vulnerabilities / SecurityTicks

Progress Patches Critical Telerik Report Server Vulnerability 2024-07-26 at 17:46 By Ionut Arghire Progress Software calls attention to a critical remote code execution flaw in the Telerik Report Server product. The post Progress Patches Critical Telerik Report Server Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

Progress Patches Critical Telerik Report Server Vulnerability Read More »

Threat Actors Exploit Fresh ServiceNow Vulnerabilities in Attacks

exploited, ServiceNow, Vulnerabilities / SecurityTicks

Threat Actors Exploit Fresh ServiceNow Vulnerabilities in Attacks 2024-07-26 at 15:31 By Ionut Arghire Threat actors have started exploiting critical-severity vulnerabilities in ServiceNow shortly after public disclosure. The post Threat Actors Exploit Fresh ServiceNow Vulnerabilities in Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

Threat Actors Exploit Fresh ServiceNow Vulnerabilities in Attacks Read More »

PKfail Vulnerability Allows Secure Boot Bypass on Hundreds of Computer Models

PKfail, secure boot, UEFI, Vulnerabilities, vulnerability / SecurityTicks

PKfail Vulnerability Allows Secure Boot Bypass on Hundreds of Computer Models 2024-07-26 at 13:01 By Eduard Kovacs A vulnerability dubbed PKfail can allow attackers to run malicious code during the boot process, which can be used to deliver UEFI bootkits. The post PKfail Vulnerability Allows Secure Boot Bypass on Hundreds of Computer Models appeared first

PKfail Vulnerability Allows Secure Boot Bypass on Hundreds of Computer Models Read More »

BIND Updates Resolve High-Severity DoS Vulnerabilities

BIND, Vulnerabilities, vulnerability / SecurityTicks

BIND Updates Resolve High-Severity DoS Vulnerabilities 2024-07-25 at 16:16 By Ionut Arghire The latest BIND security updates address remotely exploitable vulnerabilities leading to denial-of-service. The post BIND Updates Resolve High-Severity DoS Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

BIND Updates Resolve High-Severity DoS Vulnerabilities Read More »

Nvidia Patches High-Severity Vulnerabilities in AI, Networking Products

NVIDIA, Vulnerabilities, vulnerability / SecurityTicks

Nvidia Patches High-Severity Vulnerabilities in AI, Networking Products 2024-07-25 at 12:16 By Eduard Kovacs Nvidia has patched high-severity vulnerabilities in its Jetson, Mellanox OS, OnyX, Skyway, and MetroX products. The post Nvidia Patches High-Severity Vulnerabilities in AI, Networking Products appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

Nvidia Patches High-Severity Vulnerabilities in AI, Networking Products Read More »

Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018

AuthZ bypass, cloud security, CVE-2024-41110, CVSS 10, Docker, Docker Engine, Vulnerabilities / SecurityTicks

Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018 2024-07-25 at 02:31 By Ryan Naraine The vulnerability, tagged as CVE-2024-41110 with a CVSS severity score of 10/10, was originally found and fixed in 2018. The post Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018 appeared first on SecurityWeek. This article

Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018 Read More »

Organizations Warned of Exploited Twilio Authy Vulnerability

exploited, Twilio, Vulnerabilities / SecurityTicks

Organizations Warned of Exploited Twilio Authy Vulnerability 2024-07-24 at 17:46 By Ionut Arghire CISA warns of the in-the-wild exploitation of CVE-2024-39891, a Twilio Authy bug leading to the disclosure of phone number data. The post Organizations Warned of Exploited Twilio Authy Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

Organizations Warned of Exploited Twilio Authy Vulnerability Read More »

Siemens Patches Power Grid Product Flaw Allowing Backdoor Deployment

ICS, ICS/OT, Siemens, Vulnerabilities, vulnerability / SecurityTicks

Siemens Patches Power Grid Product Flaw Allowing Backdoor Deployment 2024-07-24 at 17:46 By Eduard Kovacs Siemens has released out-of-band updates to patch two potentially serious vulnerabilities in products used in energy supply. The post Siemens Patches Power Grid Product Flaw Allowing Backdoor Deployment appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

Siemens Patches Power Grid Product Flaw Allowing Backdoor Deployment Read More »

Chrome 127 Patches 24 Vulnerabilities

Chrome, Vulnerabilities / SecurityTicks

Chrome 127 Patches 24 Vulnerabilities 2024-07-24 at 15:46 By Ionut Arghire Chrome 127 was promoted to the stable channel with patches for 24 vulnerabilities, including 16 reported externally. The post Chrome 127 Patches 24 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

Chrome 127 Patches 24 Vulnerabilities Read More »

Recent Splunk Enterprise Vulnerability Easy to Exploit: Security Firm

Splunk, Vulnerabilities, vulnerability / SecurityTicks

Recent Splunk Enterprise Vulnerability Easy to Exploit: Security Firm 2024-07-19 at 18:01 By Ionut Arghire SonicWall warns that a simple GET request is enough to exploit a recent Splunk Enterprise vulnerability. The post Recent Splunk Enterprise Vulnerability Easy to Exploit: Security Firm appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

Recent Splunk Enterprise Vulnerability Easy to Exploit: Security Firm Read More »

SolarWinds Patches Critical Vulnerabilities in Access Rights Manager

SolarWinds, Vulnerabilities / SecurityTicks

SolarWinds Patches Critical Vulnerabilities in Access Rights Manager 2024-07-19 at 14:01 By Ionut Arghire SolarWinds has released patches for 13 vulnerabilities in Access Rights Manager, including eight critical bugs. The post SolarWinds Patches Critical Vulnerabilities in Access Rights Manager appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

SolarWinds Patches Critical Vulnerabilities in Access Rights Manager Read More »

$300,000 Offered for WhatsApp Exploit at Pwn2Own Ireland

Pwn2Own, Vulnerabilities / SecurityTicks

$300,000 Offered for WhatsApp Exploit at Pwn2Own Ireland 2024-07-19 at 12:47 By Eduard Kovacs The Pwn2Own hacking competition is moving to Ireland and $300,000 is being offered for a zero-click exploit against WhatsApp. The post $300,000 Offered for WhatsApp Exploit at Pwn2Own Ireland appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

$300,000 Offered for WhatsApp Exploit at Pwn2Own Ireland Read More »