vulnerability

Cisco Patches Critical Vulnerabilities in Secure Email Gateway, SSM

2024-07-18 at 14:46 By Ionut Arghire

Cisco has released patches for critical vulnerabilities in Secure Email Gateway and Smart Software Manager On-Prem. The post Cisco Patches Critical Vulnerabilities in Secure Email Gateway, SSM appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed […]


Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419)

2024-07-18 at 12:16 By Zeljka Zorz

Cisco has fixed two critical vulnerabilities that may allow attackers to overwrite files on its Secure Email Gateways (CVE-2024-20401) and change the password of any user on its Smart Software Manager On-Prem license servers (CVE-2024-20419). Neither


Apache HugeGraph Vulnerability Exploited in Wild

2024-07-17 at 14:16 By Eduard Kovacs

A recently patched Apache HugeGraph-Server vulnerability tracked as CVE-2024-27348 is being targeted in attacks. The post Apache HugeGraph Vulnerability Exploited in Wild appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed


Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929)

2024-07-15 at 14:20 By Zeljka Zorz

The maintainers of the Exim mail transfer agent (MTA) have fixed a critical vulnerability (CVE-2024-39929) that currently affects around 1.5 million public-facing servers and can help attackers deliver malware to users.

About CVE-2024-39929

The vulnerability stems from a bug in RFC 2231


Critical Exim Flaw Allows Attackers to Deliver Malicious Executables to Mailboxes

2024-07-12 at 18:31 By Ionut Arghire

Successful exploitation could allow attackers to deliver executable attachments to inboxes. The post Critical Exim Flaw Allows Attackers to Deliver Malicious Executables to Mailboxes appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed


Zero-day patched by Microsoft has been exploited by attackers for over a year (CVE-2024-38112)

2024-07-10 at 15:46 By Zeljka Zorz

CVE-2024-38112, a spoofing vulnerability in Windows MSHTML Platform for which Microsoft released a fix on Tuesday, has likely been exploited by attackers in the wild for over a year, Check Point researcher Haifei Li


Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112)

2024-07-09 at 22:31 By Zeljka Zorz

For July 2024 Patch Tuesday, Microsoft has released security updates and patches that fix 142 CVEs, including two exploited zero-days (CVE-2024-38080, CVE-2024-38112) in Windows Hyper-V and Windows MSHTML Platform (respectively).

Zero-days exploited in the wild (CVE-2024-38080, CVE-2024-38112)

CVE-2024-38080 is a


Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack

2024-07-09 at 15:01 By Help Net Security

A new critical security vulnerability in the RADIUS protocol, dubbed BlastRADIUS, leaves most networking equipment open to Man-in-the-Middle (MitM) attacks. While the vulnerability can be difficult to exploit, the possible impact of an exploit is substantial.


Attackers Exploiting Remote Code Execution Vulnerability in Ghostscript

2024-07-08 at 15:01 By Ionut Arghire

Vulnerability in Ghostscript (CVE-2024-29510) allows attackers to bypass sandbox for remote code execution. The post Attackers Exploiting Remote Code Execution Vulnerability in Ghostscript appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed


Increase in the exploitation of Microsoft SmartScreen vulnerability CVE-2024-21412

2024-07-05 at 16:48 By Neetha

The Zero Day Initiative (ZDI) uncovered a sophisticated DarkGate campaign in mid-January 2024, exploiting CVE-2024-21412 through fake software installers. On February 13, 2024, Microsoft patched this Microsoft Defender SmartScreen vulnerability, which involved internet shortcuts. Later, the APT group


regreSSHion OpenSSH Flaw: Potential Exploitation Attempts Seen, but Mass Attacks Unlikely

2024-07-03 at 13:31 By Eduard Kovacs

The critical OpenSSH vulnerability tracked as regreSSHion and CVE-2024-6387 may already be targeted by attackers, but mass exploitation is unlikely. The post regreSSHion OpenSSH Flaw: Potential Exploitation Attempts Seen, but Mass Attacks Unlikely appeared first on SecurityWeek. This


Critical CocoaPods Flaws Exposed Many iOS, macOS Apps to Supply Chain Attacks 

2024-07-02 at 16:31 By Ionut Arghire

EVA Information Security has shared details on three CocoaPods vulnerabilities impacting millions of macOS and iOS applications. The post Critical CocoaPods Flaws Exposed Many iOS, macOS Apps to Supply Chain Attacks appeared first on SecurityWeek. This article


Critical Flaw in PTC License Server Can Allow Lateral Movement in Industrial Organizations

2024-07-02 at 12:16 By Eduard Kovacs

PTC has patched a critical vulnerability in the Creo Elements/Direct License Server that can be exploited for unauthenticated command execution. The post Critical Flaw in PTC License Server Can Allow Lateral Movement in Industrial Organizations appeared


Juniper Networks Warns of Critical Authentication Bypass Vulnerability

2024-07-01 at 14:31 By Ionut Arghire

Juniper Networks warns of a critical authentication bypass flaw impacting Session Smart routers and conductors. The post Juniper Networks Warns of Critical Authentication Bypass Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed


Fortra Patches Critical SQL Injection in FileCatalyst Workflow

2024-06-28 at 14:16 By Ionut Arghire

Fortra has patched a critical-severity vulnerability in FileCatalyst Workflow leading to the creation of administrator accounts. The post Fortra Patches Critical SQL Injection in FileCatalyst Workflow appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed


CISA Warns of Exploited GeoServer, Linux Kernel, and Roundcube Vulnerabilities

2024-06-27 at 15:31 By Ionut Arghire

CISA on Wednesday warned that three older flaws in GeoServer, Linux kernel, and Roundcube webmail are exploited in the wild. The post CISA Warns of Exploited GeoServer, Linux Kernel, and Roundcube Vulnerabilities appeared first on SecurityWeek. This article is


PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276)

2024-06-27 at 12:31 By Zeljka Zorz

A critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) has been patched; a PoC exploit is already available online. While there are currently no reports of in-the-wild exploitation, enterprise admins are advised to patch their installations as soon as possible.


75% of new vulnerabilities exploited within 19 days

2024-06-27 at 06:31 By Help Net Security

Last year alone, over 30,000 new vulnerabilities were published, with a new vulnerability emerging approximately every 17 minutes — averaging 600 new vulnerabilities per week, according to Skybox Security. The report highlights a critical gap in remediation efforts, with the


Siemens Sicam Vulnerabilities Could Facilitate Attacks on Energy Sector

2024-06-26 at 13:01 By Eduard Kovacs

Several vulnerabilities patched recently in Siemens Sicam products could be exploited in attacks aimed at the energy sector. The post Siemens Sicam Vulnerabilities Could Facilitate Attacks on Energy Sector appeared first on SecurityWeek. This article is an excerpt from SecurityWeek


New security loophole allows spying on internet users’ online activity

2024-06-25 at 13:16 By Help Net Security

Researchers at Graz University of Technology were able to spy on users’ online activities simply by monitoring fluctuations in the speed of their internet connection. This vulnerability, known as SnailLoad, does not require malicious code to exploit, and
