vulnerability

IT Vulnerability Report: Cyble Urges Fixes for Apache Struts, Qualcomm & More

2024-12-24 at 12:34 | By daksh sharma

Overview: Cyble’s December 19 IT vulnerability report to clients highlighted nine vulnerabilities at high risk of attack, including five under active discussion on dark web forums. Cyble vulnerability intelligence and dark web researchers also noted threat actor […]

Cyble Sensors Detect Attacks on Ivanti, PHP, SAML, Network Devices, and More

2024-12-24 at 10:03 | By daksh sharma

Overview: Cyble honeypot sensors detected dozens of vulnerabilities under attack in the threat intelligence leader’s most recent sensor intelligence report, including fresh attacks on an Ivanti vulnerability. Threat actors also targeted vulnerabilities affecting PHP and the Ruby

BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356)

2024-12-18 at 11:48 | By Zeljka Zorz

BeyondTrust has fixed an unauthenticated command injection vulnerability (CVE-2024-12356) in its Privileged Remote Access (PRA) and Remote Support (RS) products that may allow remote code execution, and is urging organizations with on-premise installations to test the patch and implement

ACSC Warns of Remote Code Execution Risk in Apache Struts2

2024-12-18 at 11:31 | By daksh sharma

Overview: The Australian Cyber Security Center (ACSC) has alerted organizations about a severe vulnerability in the Apache Struts2 Framework. The vulnerability, CVE-2024-53677, has been identified in the Framework, posing a critical risk to organizations that use, develop, or support

Multiple Vulnerabilities in Google Chrome for Desktop: Update to Stay Secure

2024-12-17 at 16:11 | By daksh sharma

Overview: On December 16, 2024, the Indian Computer Emergency Response Team (CERT-In) issued a vulnerability note (CIVN-2024-0356) regarding multiple security flaws in Google Chrome for Desktop. These vulnerabilities, rated HIGH in severity, could allow remote attackers to execute

IT Vulnerability Report: Cleo, Windows Flaws Under Attack

2024-12-16 at 12:18 | By daksh sharma

Cyble Research and Intelligence Labs (CRIL) researchers investigated 16 IT vulnerabilities and 11 dark web exploits in the week ended Dec. 10, including actively exploited vulnerabilities in Cleo managed file transfer (MFT) software and Microsoft Windows. Other vulnerabilities analyzed by Cyble

CISA Adds CVE-2024-49138 to the Known Exploited Vulnerabilities Catalog, Urgency for Microsoft Users

2024-12-11 at 15:03 | By daksh sharma

Overview: The Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability, CVE-2024-49138, to its Known Exploited Vulnerabilities (KEV) catalog based on evidence that this flaw is being actively exploited. The vulnerability, identified in the Microsoft

BadRAM: $10 hack unlocks AMD encrypted memory

2024-12-11 at 13:16 | By Mirko Zorz

Cybersecurity researchers have identified a vulnerability (CVE-2024-21944, aka BadRAM) affecting AMD processors that can be triggered by rogue memory modules to unlock the chips’ encrypted memory. The SPD chip can be modified using an off-the-shelf microcontroller. The researchers used a Raspberry Pi

Attackers actively exploiting flaw(s) in Cleo file transfer software (CVE-2024-50623)

2024-12-10 at 15:35 | By Zeljka Zorz

Attackers are exploiting a vulnerability (CVE-2024-50623) in file transfer software by Cleo – LexiCo, VLTransfer, and Harmony – to gain access to organizations’ systems, Huntress researchers warned on Monday. “We’ve discovered at least 10 businesses whose Cleo servers were

Security Risks in TP-Link Archer Router Could Lead to Unauthorized Access

2024-12-10 at 14:33 | By daksh sharma

Overview: The TP-Link Archer C50 V4, a popular dual-band wireless router designed for small office and home office (SOHO) networks, has been found to contain multiple security vulnerabilities that could expose users to a range of cyber threats.

Update your OpenWrt router! Security issue made supply chain attack possible

2024-12-09 at 20:51 | By Zeljka Zorz

A security issue that could have allowed attackers to serve malicious firmware images to users has been fixed by OpenWrt Project, the organization that helms the development of the popular Linux distribution for embedded devices. About OpenWrt: OpenWrt

Cyble’s Weekly Vulnerability Report: Critical Flaws in Major Software Including Progress Software, QNAP, and 7-Zip

2024-12-09 at 16:20 | By daksh sharma

Overview: The Cyble Research & Intelligence Labs (CRIL) has released its Weekly Vulnerability Insights Report, highlighting a series of critical vulnerabilities reported between November 27, 2024, and December 3, 2024. This week’s findings focus

QNAP NAS Vulnerabilities Exposed: What You Need to Know to Stay Secure

2024-12-09 at 13:18 | By daksh sharma

Overview: QNAP NAS systems, a trusted choice for personal and enterprise data storage, have recently been flagged for multiple critical vulnerabilities. Multiple vulnerabilities have been identified in QNAP’s operating systems, leaving users exposed to a variety of

CISA Updates Known Exploited Vulnerabilities Catalog, Adding 3 Critical Flaws

2024-12-06 at 09:18 | By Cyble

Overview: The Cybersecurity and Infrastructure Security Agency (CISA) has recently updated its Known Exploited Vulnerabilities (KEV) Catalog, adding three critical flaws that are currently being actively exploited. These vulnerabilities impact a range of products, from industrial control systems (ICS) to

Vulnerabilities in ICS: A Detailed Analysis of Recent Security Advisories and Threats 

2024-12-04 at 16:31 | By Cyble

Overview: The recent Weekly Industrial Control System Vulnerability Intelligence Report from Cyble Research & Intelligence Labs (CRIL) covers the vulnerabilities disclosed by the Cybersecurity and Infrastructure Security Agency (CISA) from November 26, 2024, to December 02, 2024. The

Australia’s ACSC and ASD Team Up with CISA, NSA, FBI, and International Allies to Protect Communications Infrastructure

2024-12-04 at 16:18 | By Cyble

Overview: A coalition of cybersecurity agencies, including the Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), Australia’s Australian Signals Directorate (ASD), the Australian Cyber

PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785)

2024-12-04 at 13:38 | By Zeljka Zorz

Researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785, a critical remote code execution vulnerability affecting Progress WhatsUp Gold, a popular network monitoring solution for enterprises. CVE-2024-8785 and the PoC exploit: CVE-2024-8785 stems from the incorrect use of a

Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449)

2024-12-03 at 19:48 | By Zeljka Zorz

Veeam has fixed two vulnerabilities in Veeam Service Provider Console (VSPC), one of which (CVE-2024-42448) may allow remote attackers to achieve code execution on the VSPC server machine. The vulnerabilities: Veeam Service Provider Console is a cloud-enabled platform that

CISA Releases New List of Known Exploited Vulnerabilities, Urges Immediate Actions 

2024-12-02 at 14:15 | By Cyble

Overview: The Cybersecurity and Infrastructure Security Agency (CISA) has once again emphasized the critical importance of addressing IT vulnerabilities. This week, Cyble has reported multiple vulnerabilities across IT devices based on the findings published in the Known Exploited Vulnerabilities

Top ICS Vulnerabilities This Week: Schneider Electric, mySCADA, and Automated Logic

2024-11-28 at 13:32 | By daksh sharma

This week’s Cyble ICS vulnerability report includes critical vulnerabilities like CVE-2024-10575 in Schneider Electric’s EcoStruxure IT Gateway, CVE-2024-47407 in mySCADA myPRO Manager/Runtime, and CVE-2024-8525 in Automated Logic that need urgent patching. Overview: Cyble Research and Intelligence Labs (CRIL)
