vulnerability

‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages

‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages 2024-04-12 at 14:31 By Ionut Arghire A critical vulnerability in multiple programming languages allows attackers to inject commands in Windows applications. The post ‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source …

‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages Read More »

React to this headline:

Loading spinner

Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400)

Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400) 2024-04-12 at 10:46 By Zeljka Zorz Attackers are exploiting a command injection vulnerability (CVE-2024-3400) affecting Palo Alto Networks’ firewalls, the company has warned, and urged customers to implement temporary mitigations and get in touch to check whether their devices have been compromised. “Palo Alto Networks is …

Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400) Read More »

React to this headline:

Loading spinner

Critical D-Link NAS vulnerability under active exploitation 

Critical D-Link NAS vulnerability under active exploitation  2024-04-11 at 14:31 By neetha871ad236bd Cyble Global Sensor Intelligence observed active exploitation of critical D-Link Vulnerability  Recently, the security community has raised concerns regarding the vulnerabilities found in D-Link Network Attached Storage (NAS) devices. The vulnerabilities, identified as CVE-2024-3272 and CVE-2024-3273 were disclosed initially by an individual who …

Critical D-Link NAS vulnerability under active exploitation  Read More »

React to this headline:

Loading spinner

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988)

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988) 2024-04-09 at 22:35 By Zeljka Zorz On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro’s Zero Day Initiative (ZDI), has found being …

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988) Read More »

React to this headline:

Loading spinner

LG smart TVs may be taken over by remote attackers

LG smart TVs may be taken over by remote attackers 2024-04-09 at 21:02 By Zeljka Zorz Bitdefender researchers have uncovered four vulnerabilities in webOS, the operating system running on LG smart TVs, which may offer attackers unrestricted (root) access to the devices. “Although the vulnerable service is intended for LAN access only, Shodan, the search …

LG smart TVs may be taken over by remote attackers Read More »

React to this headline:

Loading spinner

92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273)

92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273) 2024-04-08 at 12:01 By Zeljka Zorz A vulnerability (CVE-2024-3273) in four old D-Link NAS models could be exploited to compromise internet-facing devices, a threat researcher has found. The existence of the flaw was confirmed by D-Link last week, and an exploit for opening an interactive …

92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273) Read More »

React to this headline:

Loading spinner

Ivanti vows to transform its security operating model, reveals new vulnerabilities

Ivanti vows to transform its security operating model, reveals new vulnerabilities 2024-04-04 at 16:02 By Zeljka Zorz Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure (SSL VPN solution) and Ivanti Policy Secure (NAC solution), some of which could also lead to execution of arbitrary code or information disclosure. Also, three months …

Ivanti vows to transform its security operating model, reveals new vulnerabilities Read More »

React to this headline:

Loading spinner

Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems

Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems 2024-04-04 at 15:33 By Ionut Arghire A critical OS command injection in Progress Flowmon can be exploited to gain remote, unauthenticated access to the system. The post Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems appeared first on SecurityWeek. This article is an …

Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems Read More »

React to this headline:

Loading spinner

Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites

Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites 2024-04-03 at 16:16 By Ionut Arghire A critical SQL injection vulnerability in the LayerSlider WordPress plugin allows attackers to extract sensitive information. The post Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites appeared first on SecurityWeek. This article is …

Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites Read More »

React to this headline:

Loading spinner

XZ Utils backdoor update: Which Linux distros are affected and what can you do?

XZ Utils backdoor update: Which Linux distros are affected and what can you do? 2024-03-31 at 21:01 By Zeljka Zorz The news that XZ Utils, a compression utility present in most Linux distributions, has been backdoored by a supposedly trusted maintainer has rattled the open-source software community on Friday, mere hours until the beginning of …

XZ Utils backdoor update: Which Linux distros are affected and what can you do? Read More »

React to this headline:

Loading spinner

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) 2024-03-29 at 20:31 By Zeljka Zorz A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,” Red Hat warns. …

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) Read More »

React to this headline:

Loading spinner

26 Security Issues Patched in TeamCity

26 Security Issues Patched in TeamCity 2024-03-29 at 13:17 By Eduard Kovacs JetBrains patches 26 security issues in TeamCity and takes steps to avoid malicious exploitation of vulnerabilities. The post 26 Security Issues Patched in TeamCity appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this …

26 Security Issues Patched in TeamCity Read More »

React to this headline:

Loading spinner

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) 2024-03-28 at 12:32 By Zeljka Zorz The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV catalog and is demanding that …

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) Read More »

React to this headline:

Loading spinner

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022) 2024-03-27 at 13:16 By Zeljka Zorz Attackers are leveraging a vulnerability (CVE-2023-48022) in Anyscale’s Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells. “To our knowledge, the attack started 7 months ago,” Avi Lumelsky, a researcher at Oligo …

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022) Read More »

React to this headline:

Loading spinner

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns 2024-03-26 at 15:31 By Zeljka Zorz Around 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions “are so outdated that security updates are no longer offered for them,” the German Federal Office …

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns Read More »

React to this headline:

Loading spinner

ParaSwap begins returning crypto after critical smart contract bug

ParaSwap begins returning crypto after critical smart contract bug 2024-03-25 at 06:01 By Cointelegraph by Martin Young ParaSwap has now returned assets to wallets that have revoked their permissions to the AugustusV6 smart contract, which was found to have a critical vulnerability last week. This article is an excerpt from Cointelegraph.com News View Original Source …

ParaSwap begins returning crypto after critical smart contract bug Read More »

React to this headline:

Loading spinner

Microsoft Patches Xbox Vulnerability Following Public Disclosure

Microsoft Patches Xbox Vulnerability Following Public Disclosure 2024-03-21 at 15:46 By Eduard Kovacs Microsoft patches Xbox Gaming Services vulnerability CVE-2024-28916 after initially saying it was not a security issue. The post Microsoft Patches Xbox Vulnerability Following Public Disclosure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React …

Microsoft Patches Xbox Vulnerability Following Public Disclosure Read More »

React to this headline:

Loading spinner

Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware

Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware 2024-03-21 at 12:01 By Helga Labus Attackers are exploiting the recently patched JetBrains TeamCity auth bypass vulnerability (CVE-2024-27198) to deliver ransomware, cryptominers and remote access trojans (RATs), according to Trend Micro researchers. The CVE-2024-27198 timeline CVE-2024-27198, an authentication bypass vulnerability affecting the TeamCity …

Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware Read More »

React to this headline:

Loading spinner

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724)

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) 2024-03-20 at 21:01 By Zeljka Zorz Ivanti has fixed a critical RCE vulnerability (CVE-2023-41724) in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre. Though the company is not aware of customers being compromised via the flaw, it “strongly …

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) Read More »

React to this headline:

Loading spinner

Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server

Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server 2024-03-20 at 16:46 By Ionut Arghire Atlassian releases patches for two dozen vulnerabilities, including a critical-severity bug in Bamboo Data Center and Server. The post Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server appeared first on SecurityWeek. This article is an excerpt from …

Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server Read More »

React to this headline:

Loading spinner
Scroll to Top