vulnerability

Vulnerability in R Programming Language Could Fuel Supply Chain Attacks

CVE-2024-27322, Featured, Vulnerabilities, vulnerability /

Vulnerability in R Programming Language Could Fuel Supply Chain Attacks 2024-04-30 at 17:16 By Ionut Arghire A vulnerability (CVE-2024-27322) in the R programming language implementation can be exploited to execute arbitrary and be used as part of a supply chain attack. The post Vulnerability in R Programming Language Could Fuel Supply Chain Attacks appeared first […]

React to this headline:

Loading spinner

Vulnerability in R Programming Language Could Fuel Supply Chain Attacks Read More »

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389)

Don't miss, enterprise, network monitoring, News, PoC, Progress, Rhino Security, vulnerability /

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) 2024-04-24 at 15:01 By Zeljka Zorz More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability (CVE-2024-2389) in Flowmon, Progress Software’s network monitoring/analysis and security solution, have been published. The critical vulnerability has been disclosed and patched by Progress earlier this month. “Currently,

React to this headline:

Loading spinner

PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389) Read More »

Cisco Says PoC Exploit Available for Newly Patched IMC Vulnerability

Cisco, Vulnerabilities, vulnerability /

Cisco Says PoC Exploit Available for Newly Patched IMC Vulnerability 2024-04-18 at 15:46 By Ionut Arghire Cisco patches a high-severity Integrated Management Controller vulnerability for which PoC exploit code is available. The post Cisco Says PoC Exploit Available for Newly Patched IMC Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Cisco Says PoC Exploit Available for Newly Patched IMC Vulnerability Read More »

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)

CVE, Don't miss, Hot stuff, Ivanti, News, remote management, Tenable, vulnerability /

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204) 2024-04-18 at 15:02 By Zeljka Zorz The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of which (CVE-2024-29204, CVE-2024-24996) are critical and may allow a remote unauthenticated attacker to execute arbitrary

React to this headline:

Loading spinner

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204) Read More »

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

Don't miss, enterprise, exploit, firewall, GreyNoise, Hot stuff, News, Palo Alto Networks, PoC, security update, TrustedSec, Volexity, vulnerability, WatchTowr /

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation 2024-04-17 at 12:31 By Zeljka Zorz While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE-2024-3400 would be as easy a disabling the devices’ telemetry, it has now been comfirmed that this mitigation is ineffectual. “Device telemetry does not need to be

React to this headline:

Loading spinner

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation Read More »

PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)

Don't miss, Hot stuff, News, public-key cryptography, SSH, vulnerability /

PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497) 2024-04-16 at 19:46 By Zeljka Zorz A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the “heavily biased” ECDSA nonces (random values used once), researchers have discovered. “To be more precise, the

React to this headline:

Loading spinner

PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497) Read More »

Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt

Delinea, Featured, Vulnerabilities, vulnerability /

Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt 2024-04-16 at 13:46 By Eduard Kovacs PAM company Delinea over the weekend rushed to patch a critical authentication bypass vulnerability after it apparently ignored the researcher who found the flaw. The post Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt appeared

React to this headline:

Loading spinner

Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt Read More »

Juniper Networks Publishes Dozens of New Security Advisories

Juniper, Vulnerabilities, vulnerability /

Juniper Networks Publishes Dozens of New Security Advisories 2024-04-15 at 17:04 By Ionut Arghire Juniper Networks patches dozens of vulnerabilities in Junos OS, Junos OS Evolved, and other products. The post Juniper Networks Publishes Dozens of New Security Advisories appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

Juniper Networks Publishes Dozens of New Security Advisories Read More »

A critical vulnerability in Delinea Secret Server allows auth bypass, admin access

access management, Delinea, Don't miss, enterprise, Hot stuff, News, PoC, privileged accounts, vulnerability, vulnerability disclosure /

A critical vulnerability in Delinea Secret Server allows auth bypass, admin access 2024-04-15 at 14:46 By Zeljka Zorz Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass authentication, gain admin access and extract secrets. Fixing the Delinea Secret Server

React to this headline:

Loading spinner

A critical vulnerability in Delinea Secret Server allows auth bypass, admin access Read More »

CVE-2024-3400 exploited: Unit 42, Volexity share more details about the attacks

Don't miss, exploit, firewall, Hot stuff, News, Palo Alto Networks, Volexity, vulnerability /

CVE-2024-3400 exploited: Unit 42, Volexity share more details about the attacks 2024-04-12 at 22:16 By Zeljka Zorz Earlier today, Palo Alto Networks revealed that a critical command injection vulnerability (CVE-2024-3400) in the company’s firewalls has been exploited in limited attacks and has urged customers with vulnerable devices to quickly implement mitigations and workarounds. Palo Alto

React to this headline:

Loading spinner

CVE-2024-3400 exploited: Unit 42, Volexity share more details about the attacks Read More »

‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages

Application Security, vulnerability /

‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages 2024-04-12 at 14:31 By Ionut Arghire A critical vulnerability in multiple programming languages allows attackers to inject commands in Windows applications. The post ‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

‘BatBadBut’ Command Injection Vulnerability Affects Multiple Programming Languages Read More »

Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400)

Don't miss, exploit, firewall, Hot stuff, News, Palo Alto Networks, Volexity, vulnerability /

Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400) 2024-04-12 at 10:46 By Zeljka Zorz Attackers are exploiting a command injection vulnerability (CVE-2024-3400) affecting Palo Alto Networks’ firewalls, the company has warned, and urged customers to implement temporary mitigations and get in touch to check whether their devices have been compromised. “Palo Alto Networks is

React to this headline:

Loading spinner

Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400) Read More »

Critical D-Link NAS vulnerability under active exploitation 

exploit, vulnerability /

Critical D-Link NAS vulnerability under active exploitation  2024-04-11 at 14:31 By neetha871ad236bd Cyble Global Sensor Intelligence observed active exploitation of critical D-Link Vulnerability  Recently, the security community has raised concerns regarding the vulnerabilities found in D-Link Network Attached Storage (NAS) devices. The vulnerabilities, identified as CVE-2024-3272 and CVE-2024-3273 were disclosed initially by an individual who

React to this headline:

Loading spinner

Critical D-Link NAS vulnerability under active exploitation  Read More »

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988)

CISA, CVE, Don't miss, Hot stuff, Microsoft, News, Patch Tuesday, security update, SonicWall, Tenable, Trend Micro, vulnerability, vulnerability management /

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988) 2024-04-09 at 22:35 By Zeljka Zorz On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro’s Zero Day Initiative (ZDI), has found being

React to this headline:

Loading spinner

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988) Read More »

LG smart TVs may be taken over by remote attackers

Bitdefender, Don't miss, Hot stuff, Internet of Things, LG, News, security update, smart tv, vulnerability /

LG smart TVs may be taken over by remote attackers 2024-04-09 at 21:02 By Zeljka Zorz Bitdefender researchers have uncovered four vulnerabilities in webOS, the operating system running on LG smart TVs, which may offer attackers unrestricted (root) access to the devices. “Although the vulnerable service is intended for LAN access only, Shodan, the search

React to this headline:

Loading spinner

LG smart TVs may be taken over by remote attackers Read More »

92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273)

D-Link, Don't miss, Hot stuff, NAS, News, vulnerability /

92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273) 2024-04-08 at 12:01 By Zeljka Zorz A vulnerability (CVE-2024-3273) in four old D-Link NAS models could be exploited to compromise internet-facing devices, a threat researcher has found. The existence of the flaw was confirmed by D-Link last week, and an exploit for opening an interactive

React to this headline:

Loading spinner

92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273) Read More »

Ivanti vows to transform its security operating model, reveals new vulnerabilities

Don't miss, enterprise, Hot stuff, Ivanti, News, VPN, vulnerability, vulnerability management /

Ivanti vows to transform its security operating model, reveals new vulnerabilities 2024-04-04 at 16:02 By Zeljka Zorz Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure (SSL VPN solution) and Ivanti Policy Secure (NAC solution), some of which could also lead to execution of arbitrary code or information disclosure. Also, three months

React to this headline:

Loading spinner

Ivanti vows to transform its security operating model, reveals new vulnerabilities Read More »

Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems

Vulnerabilities, vulnerability /

Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems 2024-04-04 at 15:33 By Ionut Arghire A critical OS command injection in Progress Flowmon can be exploited to gain remote, unauthenticated access to the system. The post Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Critical Vulnerability in Progress Flowmon Allows Remote Access to Systems Read More »

Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites

Vulnerabilities, vulnerability, WordPress /

Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites 2024-04-03 at 16:16 By Ionut Arghire A critical SQL injection vulnerability in the LayerSlider WordPress plugin allows attackers to extract sensitive information. The post Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites appeared first on SecurityWeek. This article is

React to this headline:

Loading spinner

Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites Read More »

XZ Utils backdoor update: Which Linux distros are affected and what can you do?

Alpine, backdoor, Debian, Don't miss, Fedora, Hot stuff, Kali Linux, Linux, Linux Mint, News, open source, Orca Security, Red Hat, supply chain attacks, Ubuntu, vulnerability /

XZ Utils backdoor update: Which Linux distros are affected and what can you do? 2024-03-31 at 21:01 By Zeljka Zorz The news that XZ Utils, a compression utility present in most Linux distributions, has been backdoored by a supposedly trusted maintainer has rattled the open-source software community on Friday, mere hours until the beginning of

React to this headline:

Loading spinner

XZ Utils backdoor update: Which Linux distros are affected and what can you do? Read More »

Scroll to Top