Vulnerabilities

Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems

2024-04-04 at 15:33, by Ionut Arghire. A critical OS command injection in Progress Flowmon can be exploited to gain remote, unauthenticated access to the system. The post Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems appeared first on SecurityWeek. This article is an […]

Zoom Paid Out $10 Million via Bug Bounty Program Since 2019

2024-04-04 at 13:16, by Eduard Kovacs. Video conferencing giant Zoom has paid out $10 million through its bug bounty program since it was launched in 2019. The post Zoom Paid Out $10 Million via Bug Bounty Program Since 2019 appeared first on SecurityWeek.

CVE and NVD – A Weak and Fractured Source of Vulnerability Truth

2024-04-03 at 17:17, by Kevin Townsend. MITRE is unable to compile a list of all new vulnerabilities, and NIST is unable to subsequently, and consequently, provide an enriched database of all vulnerabilities. What went wrong, and what can be done? The post CVE

Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites

2024-04-03 at 16:16, by Ionut Arghire. A critical SQL injection vulnerability in the LayerSlider WordPress plugin allows attackers to extract sensitive information. The post Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites appeared first on SecurityWeek.

Google Patches Chrome Flaw That Earned Hackers $42,500 at Pwn2Own

2024-04-03 at 14:16, by Ionut Arghire. Google pushes a new Chrome update to patch another zero-day vulnerability demonstrated at a hacking contest. The post Google Patches Chrome Flaw That Earned Hackers $42,500 at Pwn2Own appeared first on SecurityWeek.

Security Flaw in WP-Members Plugin Leads to Script Injection

2024-04-02 at 18:46, by Ionut Arghire. A cross-site scripting vulnerability in the WP-Members Membership plugin could allow attackers to inject scripts into user profile pages. The post Security Flaw in WP-Members Plugin Leads to Script Injection appeared first on SecurityWeek.

Hotel Self Check-In Kiosks Exposed Room Access Codes

2024-04-02 at 17:01, by Eduard Kovacs. Self check-in kiosks at Ibis Budget hotels were affected by a vulnerability that exposed keypad codes that could be used to enter rooms. The post Hotel Self Check-In Kiosks Exposed Room Access Codes appeared first on SecurityWeek.

‘WallEscape’ Linux Vulnerability Leaks User Passwords

2024-04-01 at 19:31, by Ionut Arghire. A vulnerability in util-linux, a core utilities package in Linux systems, allows attackers to leak user passwords and modify the clipboard. The post ‘WallEscape’ Linux Vulnerability Leaks User Passwords appeared first on SecurityWeek.

Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor

2024-04-01 at 17:16, by Ionut Arghire. Urgent security alerts issued as malicious code was found embedded in the XZ Utils data compression library used in many Linux distributions. The post Supply Chain Attack: Major Linux Distributions Impacted by XZ Utils Backdoor appeared first on

Splunk Patches Vulnerabilities in Enterprise Product

2024-03-28 at 18:32, by Eduard Kovacs. Splunk patches high-severity vulnerabilities in Enterprise, including an authentication token exposure issue. The post Splunk Patches Vulnerabilities in Enterprise Product appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed.

Cisco Patches DoS Vulnerabilities in Networking Products

2024-03-28 at 15:17, by Ionut Arghire. Cisco has released patches for multiple IOS and IOS XE software vulnerabilities leading to denial-of-service (DoS). The post Cisco Patches DoS Vulnerabilities in Networking Products appeared first on SecurityWeek.

Code Execution Flaws Haunt NVIDIA ChatRTX for Windows

2024-03-27 at 21:01, by Ryan Naraine. Artificial intelligence computing giant NVIDIA patches flaws in ChatRTX for Windows and warns of code execution and data tampering risks. The post Code Execution Flaws Haunt NVIDIA ChatRTX for Windows appeared first on SecurityWeek.

Google Report: Despite Surge in Zero-Day Attacks, Exploit Mitigations Are Working

2024-03-27 at 17:01, by Ryan Naraine. Despite a surge in zero-day attacks, data shows that security investments into OS and software exploit mitigations are forcing attackers to find new attack surfaces and bug patterns. The post Google Report: Despite Surge in Zero-Day Attacks, Exploit

Chrome Update Patches Zero-Day Vulnerabilities Exploited at Pwn2Own

2024-03-27 at 17:01, by Ionut Arghire. Google ships a security-themed Chrome browser refresh to fix flaws exploited at the CanSecWest Pwn2Own hacking contest. The post Chrome Update Patches Zero-Day Vulnerabilities Exploited at Pwn2Own appeared first on SecurityWeek.

CISA: Second SharePoint Flaw Disclosed at Pwn2Own Exploited in Attacks

2024-03-27 at 12:46, by Eduard Kovacs. CISA says a second SharePoint vulnerability demonstrated last year at Pwn2Own, CVE-2023-24955, has been exploited in the wild. The post CISA: Second SharePoint Flaw Disclosed at Pwn2Own Exploited in Attacks appeared first on SecurityWeek.

ZenHammer Attack Targets DRAM on Systems With AMD CPUs

2024-03-26 at 17:01, by Eduard Kovacs. A new Rowhammer attack named ZenHammer has been demonstrated against DRAM on systems with AMD CPUs, including DDR5. The post ZenHammer Attack Targets DRAM on Systems With AMD CPUs appeared first on SecurityWeek.

Apple Patches Code Execution Vulnerability in iOS, macOS

2024-03-26 at 15:02, by Ionut Arghire. Apple has released iOS 17.4.1 and macOS Sonoma 14.4.1 with patches for an arbitrary code execution vulnerability. The post Apple Patches Code Execution Vulnerability in iOS, macOS appeared first on SecurityWeek.

US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities

2024-03-26 at 13:16, by Ionut Arghire. CISA and the FBI issue a secure-by-design alert on eliminating SQL injection vulnerabilities from software. The post US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities appeared first on SecurityWeek.

Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks

2024-03-26 at 12:46, by Eduard Kovacs. CVE-2023-48788, a critical SQL injection vulnerability in Fortinet’s FortiClient EMS product, is being exploited in the wild. The post Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks appeared first on SecurityWeek.
