vulnerability

Zimbra Remote Code Execution Vulnerability Under Active Attack

vulnerability /

Zimbra Remote Code Execution Vulnerability Under Active Attack 2024-10-03 at 11:31 By Paul Shread Key Takeaways Overview A critical vulnerability (CVE-2024-45519) in Zimbra’s postjournal service that allows unauthenticated remote command execution is under active attack. The vulnerability allows unsanitized user input to be passed to popen, enabling attackers to inject arbitrary commands. Patched versions add input sanitization and […]

React to this headline:

Loading spinner

Zimbra Remote Code Execution Vulnerability Under Active Attack Read More »

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)

CVE, Don't miss, exploit, Hot stuff, News, PoC, ProjectDiscovery, Proofpoint, Synacor, vulnerability /

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) 2024-10-02 at 14:16 By Zeljka Zorz Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations. Proofpoint’s threat researchers say that the attacks started on September 28 – several weeks after Zimbra developers released patches for CVE-2024-45519 and

React to this headline:

Loading spinner

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) Read More »

Weekly IT Vulnerability Report: Cyble Urges Fixes for Ivanti, GitLab and Microchip

GitLab, Ivanti, Microchip, vulnerability /

Weekly IT Vulnerability Report: Cyble Urges Fixes for Ivanti, GitLab and Microchip 2024-10-01 at 09:31 By dakshsharma16 Key Takeaways Overview Cyble Research and Intelligence Labs (CRIL) researchers this week investigated 15 vulnerabilities of particular significance for IT teams, and identified three that merit high-priority patching. Cyble’s Sept. 18-24 Weekly Vulnerability Insights Report for subscribers also

React to this headline:

Loading spinner

Weekly IT Vulnerability Report: Cyble Urges Fixes for Ivanti, GitLab and Microchip Read More »

Cyble Honeypot Sensors Detect WordPress Plugin Attack, New Banking Trojan

Banking Trojan, Honeypot, vulnerability, WordPress /

Cyble Honeypot Sensors Detect WordPress Plugin Attack, New Banking Trojan 2024-10-01 at 08:46 By dakshsharma16 Key Takeaways Overview Cyble’s Threat Hunting service this week discovered multiple instances of exploit attempts, malware intrusions, financial fraud, and brute-force attacks via its network of Honeypot sensors. In the week of Sept. 18-24, Cyble researchers identified five recent active exploits, including new

React to this headline:

Loading spinner

Cyble Honeypot Sensors Detect WordPress Plugin Attack, New Banking Trojan Read More »

CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE

CVE, Don't miss, Hot stuff, Linux, News, PoC, Rapid7, Red Hat, Tenable, vulnerability /

CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE 2024-09-27 at 13:31 By Zeljka Zorz After much hyping and following prematurely leaked information by a third party, security researcher Simone Margaritelli has released details about four zero-day vulnerabilities in the Common UNIX Printing System (CUPS) that can be abused by remote, unauthenticated attackers to

React to this headline:

Loading spinner

CUPS vulnerabilities affecting Linux, Unix systems can lead to RCE Read More »

Remote Code Execution, DoS Vulnerabilities Patched in OpenPLC

ICS, ICS/OT, OpenPLC, PLC, vulnerability /

Remote Code Execution, DoS Vulnerabilities Patched in OpenPLC 2024-09-26 at 18:16 By Eduard Kovacs Critical and high-severity vulnerabilities that can be exploited for DoS attacks and remote code execution have been patched in OpenPLC. The post Remote Code Execution, DoS Vulnerabilities Patched in OpenPLC appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Remote Code Execution, DoS Vulnerabilities Patched in OpenPLC Read More »

Cisco Patches High-Severity Vulnerabilities in IOS Software

Cisco, Vulnerabilities, vulnerability /

Cisco Patches High-Severity Vulnerabilities in IOS Software 2024-09-26 at 16:16 By Ionut Arghire Cisco has released patches for seven high-severity vulnerabilities affecting products running IOS and IOS XE software. The post Cisco Patches High-Severity Vulnerabilities in IOS Software appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Cisco Patches High-Severity Vulnerabilities in IOS Software Read More »

The number of Android memory safety vulnerabilities has tumbled, and here’s why

Android, code, cybersecurity, Don't miss, Hot stuff, News, programming, software development, vulnerability /

The number of Android memory safety vulnerabilities has tumbled, and here’s why 2024-09-26 at 15:32 By Zeljka Zorz Google’s decision to write new code into Android’s codebase in Rust, a memory-safe programming language, has resulted in a significant drop in memory safety vulnerabilities, despite old code (written in C/C++) not having been rewritten. The number

React to this headline:

Loading spinner

The number of Android memory safety vulnerabilities has tumbled, and here’s why Read More »

Urgent Security Advisory: CVE-2024-7593 Exposes Ivanti VTM to Attacks

CVE-2024-7593, Ivanti, vulnerability /

Urgent Security Advisory: CVE-2024-7593 Exposes Ivanti VTM to Attacks 2024-09-25 at 20:16 By dakshsharma16 Overview The Cybersecurity Infrastructure and Security Agency (CISA) and Ivanti have shared an update advisory highlighting a critical authentication bypass vulnerability, CVE-2024-7593, in Ivanti’s Virtual Traffic Manager (VTM). This vulnerability has garnered attention due to its inclusion in the CISA’s Known

React to this headline:

Loading spinner

Urgent Security Advisory: CVE-2024-7593 Exposes Ivanti VTM to Attacks Read More »

Apex Softcell Flaws Could Lead to Unauthorized Transactions, CERT-In Warns

Apex Softcell, vulnerability /

Apex Softcell Flaws Could Lead to Unauthorized Transactions, CERT-In Warns 2024-09-25 at 19:17 By dakshsharma16 Overview The Indian Computer Emergency Response Team (CERT-In) has warned users about five high-severity vulnerabilities in Apex Softcell’s mobile stock trading and back-office platforms. The 32-year-old private company focuses on products and solutions for capital markets and the financial industry,

React to this headline:

Loading spinner

Apex Softcell Flaws Could Lead to Unauthorized Transactions, CERT-In Warns Read More »

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)

CVE, Don't miss, education, enterprise, Government, Horizon3.ai, Hot stuff, MSP, News, PoC, SMBs, SolarWinds, vulnerability /

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) 2024-09-25 at 17:17 By Zeljka Zorz Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by unauthenticated attackers to remotely read and modify all help desk ticket details, are now public. “When

React to this headline:

Loading spinner

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) Read More »

Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)

CVE, Don't miss, enterprise, exploit, Hot stuff, Ivanti, News, PoC, vulnerability /

Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) 2024-09-25 at 12:46 By Zeljka Zorz CVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency (CISA), which added the flaw to its Known Exploited Vulnerabilities

React to this headline:

Loading spinner

Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) Read More »

Critical Vulnerability Discovered in Versa Director: What Organizations Need to Know

CVE-2024-45229, Versa Director, vulnerability /

Critical Vulnerability Discovered in Versa Director: What Organizations Need to Know 2024-09-24 at 10:46 By dakshsharma16 Overview The Cybersecurity and Infrastructure Security Agency (CISA) has highlighted a vulnerability in Versa Networks’ Versa Director, a centralized management platform for Secure SD-WAN and SASE solutions. This vulnerability, identified as CVE-2024-45229, stems from improper input validation and affects

React to this headline:

Loading spinner

Critical Vulnerability Discovered in Versa Director: What Organizations Need to Know Read More »

Versa Networks Patches Vulnerability Exposing Authentication Tokens

Versa Director, Vulnerabilities, vulnerability /

Versa Networks Patches Vulnerability Exposing Authentication Tokens 2024-09-23 at 15:01 By Ionut Arghire Versa Networks has released patches for a Versa Director vulnerability for which proof-of-concept (PoC) code exists. The post Versa Networks Patches Vulnerability Exposing Authentication Tokens appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Versa Networks Patches Vulnerability Exposing Authentication Tokens Read More »

Cyble Sensor Intelligence: Attacks, Phishing Scams and Brute-Force Detections

Malware, phishing, vulnerability /

Cyble Sensor Intelligence: Attacks, Phishing Scams and Brute-Force Detections 2024-09-20 at 17:31 By dakshsharma16 Key Takeaways Overview The Cyble Global Sensor Intelligence Network, or CGSI, monitors and captures real-time attack data through Cyble’s network of Honeypot sensors. This week, Cyble’s Threat Hunting service discovered and investigated dozens of exploit attempts, malware intrusions, financial fraud, and brute-force attacks. 

React to this headline:

Loading spinner

Cyble Sensor Intelligence: Attacks, Phishing Scams and Brute-Force Detections Read More »

HED: Weekly IT Vulnerability Report for September 11 – September 17, 2024

vulnerability /

HED: Weekly IT Vulnerability Report for September 11 – September 17, 2024 2024-09-20 at 12:16 By dakshsharma16 Key Takeaways Overview This Weekly Vulnerability Intelligence Report explores vulnerability updates between September 11 and September 17. The Cyble Research and Intelligence Labs team investigated 24 vulnerabilities this week, among other disclosed vulnerabilities, to present critical, high, and

React to this headline:

Loading spinner

HED: Weekly IT Vulnerability Report for September 11 – September 17, 2024 Read More »

Atlassian Patches Vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd

Atlassian, Vulnerabilities, vulnerability /

Atlassian Patches Vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd 2024-09-19 at 15:46 By Ionut Arghire Atlassian’s September 2024 monthly security bulletin details multiple high-severity vulnerabilities in four products. The post Atlassian Patches Vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to

React to this headline:

Loading spinner

Atlassian Patches Vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd Read More »

Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)

access management, AmberWolf, CVE, Don't miss, enterprise, Hot stuff, News, One Identity, vulnerability /

Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488) 2024-09-19 at 15:31 By Zeljka Zorz Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged Passwords (SPP), which could allow attackers to gain full administrative access to the virtual appliance. “Once an attacker has gained

React to this headline:

Loading spinner

Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488) Read More »

GitLab Patches Critical Authentication Bypass Vulnerability

GitLab, Vulnerabilities, vulnerability /

GitLab Patches Critical Authentication Bypass Vulnerability 2024-09-19 at 13:16 By Ionut Arghire GitLab has patched a critical-severity SAML authentication bypass affecting both Community Edition (CE) and Enterprise Edition (EE) instances. The post GitLab Patches Critical Authentication Bypass Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

GitLab Patches Critical Authentication Bypass Vulnerability Read More »

CISA Adds Progress WhatsUp Gold and MSHTML Vulnerabilities to Known Exploited Vulnerabilities Catalog

MSHTML, vulnerability, WhatsUp Gold /

CISA Adds Progress WhatsUp Gold and MSHTML Vulnerabilities to Known Exploited Vulnerabilities Catalog 2024-09-19 at 09:18 By dakshsharma16 Key Takeaways Overview The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added vulnerabilities affecting the Microsoft Windows MSHTML Platform and Progress WhatsUp Gold network monitoring solution to its Known Exploited Vulnerabilities catalog (KEV) after proofs of

React to this headline:

Loading spinner

CISA Adds Progress WhatsUp Gold and MSHTML Vulnerabilities to Known Exploited Vulnerabilities Catalog Read More »

Scroll to Top