vulnerability

Chrome, Firefox Updates Patch Serious Vulnerabilities 

Chrome, Firefox, Vulnerabilities, vulnerability /

Chrome, Firefox Updates Patch Serious Vulnerabilities  2024-08-07 at 11:31 By Eduard Kovacs A Chrome 127 update patches five vulnerabilities, and Firefox 129 addresses over a dozen security holes. The post Chrome, Firefox Updates Patch Serious Vulnerabilities  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this […]

React to this headline:

Loading spinner

Chrome, Firefox Updates Patch Serious Vulnerabilities  Read More »

Researchers unearth MotW bypass technique used by threat actors for years

Don't miss, Elastic, Features, malware detection, Microsoft, News, security controls, vulnerability, Windows /

Researchers unearth MotW bypass technique used by threat actors for years 2024-08-06 at 14:31 By Zeljka Zorz Threat actors have been abusing a bug in how Windows handles LNK files with non-standard target paths and internal structures to prevent in-built protections from stopping malicious payloads and trick users into running them. “We identified multiple samples

React to this headline:

Loading spinner

Researchers unearth MotW bypass technique used by threat actors for years Read More »

Google Patches Android Zero-Day Exploited in Targeted Attacks

Android, exploited, Featured, Vulnerabilities, vulnerability, Zero-Day /

Google Patches Android Zero-Day Exploited in Targeted Attacks 2024-08-06 at 11:01 By Eduard Kovacs Google has patched CVE-2024-36971, a high-severity kernel zero-day vulnerability in Android that has been exploited in targeted attacks.  The post Google Patches Android Zero-Day Exploited in Targeted Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

Google Patches Android Zero-Day Exploited in Targeted Attacks Read More »

From Weaponization to Victimization: Fallout from the ServiceNow Vulnerability

vulnerability /

From Weaponization to Victimization: Fallout from the ServiceNow Vulnerability 2024-08-06 at 10:16 By Cyble Threat Actors capitalize on ServiceNow vulnerability  ServiceNow is a cloud-based platform that provides enterprise service management (ESM) software. It is designed to help organizations manage digital workflows for enterprise operations.   ServiceNow offers a range of solutions, including IT Service Management (ITSM),

React to this headline:

Loading spinner

From Weaponization to Victimization: Fallout from the ServiceNow Vulnerability Read More »

From Weaponization to Victimization: Fallout from ServiceNow Vulnerability

vulnerability /

From Weaponization to Victimization: Fallout from ServiceNow Vulnerability 2024-08-06 at 10:01 By Cyble Threat Actors capitalize on ServiceNow vulnerability  ServiceNow is a cloud-based platform that provides enterprise service management (ESM) software. It is designed to help organizations manage digital workflows for enterprise operations.   ServiceNow offers a range of solutions, including IT Service Management (ITSM), IT

React to this headline:

Loading spinner

From Weaponization to Victimization: Fallout from ServiceNow Vulnerability Read More »

Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856)

Apache OFBiz, CVE, Don't miss, enterprise, Hot stuff, News, open source, SonicWall, vulnerability /

Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) 2024-08-05 at 16:47 By Zeljka Zorz CVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthenticated attackers to execute arbitrary code on vulnerable systems. About CVE-2024-38856 Apache OFBiz is an open-source framework for enterprise resource

React to this headline:

Loading spinner

Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) Read More »

Apache OFBiz Users Warned of New and Exploited Vulnerabilities

Apache, OFBiz, Vulnerabilities, vulnerability /

Apache OFBiz Users Warned of New and Exploited Vulnerabilities 2024-08-05 at 15:01 By Eduard Kovacs Organizations are being warned of a newly discovered Apache OFBiz vulnerability as exploitation of another recent flaw is observed. The post Apache OFBiz Users Warned of New and Exploited Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Apache OFBiz Users Warned of New and Exploited Vulnerabilities Read More »

CISA Warns of Avtech Camera Vulnerability Exploited in Wild

exploited, Vulnerabilities, vulnerability /

CISA Warns of Avtech Camera Vulnerability Exploited in Wild 2024-08-02 at 13:46 By Eduard Kovacs An Avtech camera vulnerability that likely remains unfixed has been exploited in the wild, according to CISA. The post CISA Warns of Avtech Camera Vulnerability Exploited in Wild appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

CISA Warns of Avtech Camera Vulnerability Exploited in Wild Read More »

Homebrew Security Audit Finds 25 Vulnerabilities

Application Security, audit, Homebrew, Vulnerabilities, vulnerability /

Homebrew Security Audit Finds 25 Vulnerabilities 2024-08-01 at 15:16 By Ionut Arghire Vulnerabilities in Homebrew could have allowed attackers to load executable code and modify binary builds, security audit finds. The post Homebrew Security Audit Finds 25 Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Homebrew Security Audit Finds 25 Vulnerabilities Read More »

VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085)

CVE, Don't miss, enterprise, Hot stuff, Microsoft, News, Ransomware, virtualization, VMWare, vulnerability /

VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085) 2024-07-30 at 14:01 By Zeljka Zorz Ransomware operators have been leveraging CVE-2024-37085, an authentication bypass vulnerability affecting Active Directory domain-joined VMware ESXi hypervisors, to gain full administrative access to them and encrypt their file system. VMware owner Broadcom has released a fix for CVE-2024-37085 on

React to this headline:

Loading spinner

VMware ESXi auth bypass zero-day exploited by ransomware operators (CVE-2024-37085) Read More »

Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249)

Acronis, CVE, Don't miss, Hot stuff, MSP, News, storage, vulnerability /

Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249) 2024-07-29 at 15:46 By Zeljka Zorz CVE-2023-45249, a critical vulnerability affecting older versions of Acronis Cyber Infrastructure, is being exploited by attackers. About Acronis Cyber Infrastructure Acronis is a privately held Swiss cybersecurity and data protection technology company. Acronis Cyber Infrastructure (ACI) is an IT

React to this headline:

Loading spinner

Critical Acronis Cyber Infrastructure vulnerability exploited in the wild (CVE-2023-45249) Read More »

PKfail Vulnerability Allows Secure Boot Bypass on Hundreds of Computer Models 

PKfail, secure boot, UEFI, Vulnerabilities, vulnerability /

PKfail Vulnerability Allows Secure Boot Bypass on Hundreds of Computer Models  2024-07-26 at 13:01 By Eduard Kovacs A vulnerability dubbed PKfail can allow attackers to run malicious code during the boot process, which can be used to deliver UEFI bootkits. The post PKfail Vulnerability Allows Secure Boot Bypass on Hundreds of Computer Models  appeared first

React to this headline:

Loading spinner

PKfail Vulnerability Allows Secure Boot Bypass on Hundreds of Computer Models  Read More »

Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327)

Code White, CVE, Don't miss, enterprise, Hot stuff, News, Progress, vulnerability /

Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327) 2024-07-26 at 09:46 By Zeljka Zorz Progress Software has fixed a critical vulnerability (CVE-2024-6327) in its Telerik Report Server solution and is urging users to upgrade as soon as possible. About CVE-2024-6327 (and CVE-2024-6096) Telerik Report Server is an enterprise solution for storing,

React to this headline:

Loading spinner

Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327) Read More »

BIND Updates Resolve High-Severity DoS Vulnerabilities

BIND, Vulnerabilities, vulnerability /

BIND Updates Resolve High-Severity DoS Vulnerabilities 2024-07-25 at 16:16 By Ionut Arghire The latest BIND security updates address remotely exploitable vulnerabilities leading to denial-of-service. The post BIND Updates Resolve High-Severity DoS Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this headline:

React to this headline:

Loading spinner

BIND Updates Resolve High-Severity DoS Vulnerabilities Read More »

Docker fixes critical auth bypass flaw, again (CVE-2024-41110)

containers, CVE, Docker, Don't miss, Hot stuff, News, security update, virtualization, vulnerability /

Docker fixes critical auth bypass flaw, again (CVE-2024-41110) 2024-07-25 at 15:01 By Zeljka Zorz A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via specially crafted API request, allowing them to perform unauthorized actions, including privilege escalation. About CVE-2024-41110 CVE-2024-41110 is a vulnerability that can be exploited remotely,

React to this headline:

Loading spinner

Docker fixes critical auth bypass flaw, again (CVE-2024-41110) Read More »

Nvidia Patches High-Severity Vulnerabilities in AI, Networking Products

NVIDIA, Vulnerabilities, vulnerability /

Nvidia Patches High-Severity Vulnerabilities in AI, Networking Products 2024-07-25 at 12:16 By Eduard Kovacs Nvidia has patched high-severity vulnerabilities in its Jetson, Mellanox OS, OnyX, Skyway, and MetroX products. The post Nvidia Patches High-Severity Vulnerabilities in AI, Networking Products appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

Nvidia Patches High-Severity Vulnerabilities in AI, Networking Products Read More »

Siemens Patches Power Grid Product Flaw Allowing Backdoor Deployment

ICS, ICS/OT, Siemens, Vulnerabilities, vulnerability /

Siemens Patches Power Grid Product Flaw Allowing Backdoor Deployment 2024-07-24 at 17:46 By Eduard Kovacs Siemens has released out-of-band updates to patch two potentially serious vulnerabilities in products used in energy supply.  The post Siemens Patches Power Grid Product Flaw Allowing Backdoor Deployment appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Siemens Patches Power Grid Product Flaw Allowing Backdoor Deployment Read More »

Philips Discloses Multiple VUE PACS Vulnerabilities: Healthcare Sector Walking on Thin Ice 

vulnerability /

Philips Discloses Multiple VUE PACS Vulnerabilities: Healthcare Sector Walking on Thin Ice  2024-07-23 at 08:46 By Neetha Internet Exposed VUE PACS a Storm Brewing in Hindsight On July 18, 2024, Philips issued a security advisory addressing vulnerabilities within Philips Vue Picture Archiving and Communication System (PACS) versions prior to 12.2.8.410.   The Philips Vue PACS is

React to this headline:

Loading spinner

Philips Discloses Multiple VUE PACS Vulnerabilities: Healthcare Sector Walking on Thin Ice  Read More »

Recent Splunk Enterprise Vulnerability Easy to Exploit: Security Firm

Splunk, Vulnerabilities, vulnerability /

Recent Splunk Enterprise Vulnerability Easy to Exploit: Security Firm 2024-07-19 at 18:01 By Ionut Arghire SonicWall warns that a simple GET request is enough to exploit a recent Splunk Enterprise vulnerability. The post Recent Splunk Enterprise Vulnerability Easy to Exploit: Security Firm appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

Recent Splunk Enterprise Vulnerability Easy to Exploit: Security Firm Read More »

Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991)

CVE, data analytics, Don't miss, enterprise, Hot stuff, News, security update, SonicWall, Splunk, vulnerability /

Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991) 2024-07-18 at 18:01 By Zeljka Zorz A recently fixed vulnerability (CVE-2024-36991) affecting Splunk Enterprise on Windows “is more severe than it initially appeared,” according to SonicWall’s threat researchers. Several PoC exploits have been published, including one by IT consultant Mohamed Nabil Ali that performs bulk

React to this headline:

Loading spinner

Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991) Read More »

Scroll to Top