vulnerability

Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server

Atlassian, Vulnerabilities, vulnerability /

Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server 2024-03-20 at 16:46 By Ionut Arghire Atlassian releases patches for two dozen vulnerabilities, including a critical-severity bug in Bamboo Data Center and Server. The post Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server appeared first on SecurityWeek. This article is an excerpt from […]

React to this headline:

Loading spinner

Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server Read More »

Chrome 123, Firefox 124 Patch Serious Vulnerabilities

Chrome, Firefox, Vulnerabilities, vulnerability /

Chrome 123, Firefox 124 Patch Serious Vulnerabilities 2024-03-20 at 15:01 By Ionut Arghire Chrome and Firefox security updates released on Tuesday resolve a critical-severity and multiple high-severity vulnerabilities. The post Chrome 123, Firefox 124 Patch Serious Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to

React to this headline:

Loading spinner

Chrome 123, Firefox 124 Patch Serious Vulnerabilities Read More »

NIST’s NVD has encountered a problem

Chainguard, Don't miss, enterprise, Hot stuff, News, NIST, Qualys, Rapid7, vulnerability, vulnerability management /

NIST’s NVD has encountered a problem 2024-03-19 at 15:47 By Zeljka Zorz Whether the cause is insurmountable technical debt, lack of funds, a third reason or all of them, NIST’s National Vulnerability Database (NVD) is struggling, and it’s affecting vulnerability management efforts. What happened? Anyone who regularly uses the NVD as a source of information

React to this headline:

Loading spinner

NIST’s NVD has encountered a problem Read More »

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153)

Don't miss, exploit, Fortra, Hot stuff, News, PoC, security update, vulnerability /

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) 2024-03-19 at 14:01 By Helga Labus Proof-of-concept (PoC) exploit code for a critical RCE vulnerability (CVE-2024-25153) in Fortra FileCatalyst MFT solution has been published. About CVE-2024-25153 Fortra FileCatalyst is an enterprise managed file transfer (MFT) software solution that includes several components: FileCatalyst Direct, Workflow, and

React to this headline:

Loading spinner

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) Read More »

Pentagon Received Over 50,000 Vulnerability Reports Since 2016

bug bounty program, Pentagon, Vulnerabilities, vulnerability /

Pentagon Received Over 50,000 Vulnerability Reports Since 2016 2024-03-18 at 15:17 By Ionut Arghire Since 2016, the US DoD has received over 50,000 submissions through its vulnerability disclosure program. The post Pentagon Received Over 50,000 Vulnerability Reports Since 2016 appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

Pentagon Received Over 50,000 Vulnerability Reports Since 2016 Read More »

PoC Published for Critical Fortra Code Execution Vulnerability

Fortra, Vulnerabilities, vulnerability /

PoC Published for Critical Fortra Code Execution Vulnerability 2024-03-18 at 13:46 By Ionut Arghire A critical directory traversal vulnerability in Fortra FileCatalyst Workflow could lead to remote code execution. The post PoC Published for Critical Fortra Code Execution Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

PoC Published for Critical Fortra Code Execution Vulnerability Read More »

CGSI Probes: ShadowSyndicate Group’s Possible Exploitation of Aiohttp Vulnerability (CVE-2024-23334) 

exploit, vulnerability /

CGSI Probes: ShadowSyndicate Group’s Possible Exploitation of Aiohttp Vulnerability (CVE-2024-23334)  2024-03-15 at 11:01 By neetha871ad236bd CGSI captures potential exploitation of an Aiohttp vulnerability by the ShadowSyndicate Group. The post CGSI Probes: ShadowSyndicate Group’s Possible Exploitation of Aiohttp Vulnerability (CVE-2024-23334)  appeared first on Cyble. This article is an excerpt from Cyble View Original Source React to

React to this headline:

Loading spinner

CGSI Probes: ShadowSyndicate Group’s Possible Exploitation of Aiohttp Vulnerability (CVE-2024-23334)  Read More »

Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788)

Don't miss, endpoint management, Fortinet, Horizon3.ai, Hot stuff, News, PoC, SANS ISC, vulnerability /

Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) 2024-03-14 at 16:36 By Zeljka Zorz A recently fixed SQL injection vulnerability (CVE-2023-48788) in Fortinet’s FortiClient Endpoint Management Server (EMS) solution has apparently piqued the interest of many: Horizon3’s Attack Team means to publish technical details and a proof-of-concept exploit for it next week, and

React to this headline:

Loading spinner

Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) Read More »

BSAM: Open-source methodology for Bluetooth security assessment

Bluetooth, Bluetooth Low Energy, consumer, Don't miss, enterprise, Hot stuff, News, security auditing, SMBs, Tarlogic, vulnerability, wireless /

BSAM: Open-source methodology for Bluetooth security assessment 2024-03-13 at 08:39 By Zeljka Zorz Many wireless headsets using Bluetooth technology have vulnerabilities that may allow malicious individuals to covertly listen in on private conversations, Tarlogic Security researchers have demonstrated last week at RootedCON in Madrid. “Many of the examples presented during the conference were real tests

React to this headline:

Loading spinner

BSAM: Open-source methodology for Bluetooth security assessment Read More »

Exploited Building Access System Vulnerability Patched 5 Years After Disclosure

building, exploited, Featured, ICS/OT, IoT Security, vulnerability /

Exploited Building Access System Vulnerability Patched 5 Years After Disclosure 2024-03-12 at 13:18 By Eduard Kovacs Vulnerabilities affecting a Nice Linear physical access product, including an exploited flaw, patched five years after their disclosure. The post Exploited Building Access System Vulnerability Patched 5 Years After Disclosure appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Exploited Building Access System Vulnerability Patched 5 Years After Disclosure Read More »

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware

backdoor, Check Point, Don't miss, exploit, Hot stuff, Linux, Malware, News, vulnerability, Windows /

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware 2024-03-12 at 11:01 By Helga Labus A financially motivated threat actor is using known vulnerabilities to target public-facing services and deliver custom malware to unpatched Windows and Linux systems. Among the exploited vulnerabilities are also two recently discovered Ivanti Connect Secure VPN flaws that are widely

React to this headline:

Loading spinner

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware Read More »

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)

access point, Cisco, Don't miss, enterprise, Hot stuff, News, security update, SMBs, VPN, vulnerability /

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337) 2024-03-08 at 13:03 By Zeljka Zorz Cisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which (CVE-2024-20337) could be exploited by unauthenticated, remote attackers to grab users’ valid SAML authentication token. “The attacker

React to this headline:

Loading spinner

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337) Read More »

VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation

Don't miss, Hot stuff, News, sandbox, security update, VMWare, vulnerability /

VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation 2024-03-07 at 15:07 By Helga Labus VMware has fixed four vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255) in ESXi, Workstation, Fusion and Cloud Foundation, some of which could allow attackers to escape the sandbox and execute code on the host machine. About the vulnerabilities VMware ESXi

React to this headline:

Loading spinner

VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation Read More »

JetBrains TeamCity Authentication Bypass vulnerability under Active Exploitation

exploit, vulnerability /

JetBrains TeamCity Authentication Bypass vulnerability under Active Exploitation 2024-03-07 at 12:25 By neetha871ad236bd Cyble Global Sensor Intelligence observes active exploitation of JetBrains TeamCity Authentication Bypass vulnerability. The post JetBrains TeamCity Authentication Bypass vulnerability under Active Exploitation appeared first on Cyble. This article is an excerpt from Cyble View Original Source React to this headline:

React to this headline:

Loading spinner

JetBrains TeamCity Authentication Bypass vulnerability under Active Exploitation Read More »

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199)

continuous integration, DevOps, Don't miss, Hot stuff, JetBrains, News, Rapid7, security update, software development, vulnerability /

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) 2024-03-04 at 18:07 By Zeljka Zorz JetBrains has fixed two critical security vulnerabilities (CVE-2024-27198, CVE-2024-27199) affecting TeamCity On-Premises and is urging customers to patch them immediately. “Rapid7 originally identified and reported these vulnerabilities to us and has chosen to adhere

React to this headline:

Loading spinner

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) Read More »

Hikvision Patches High-Severity Vulnerability in Security Management System

Hikvision, IoT Security, Vulnerabilities, vulnerability /

Hikvision Patches High-Severity Vulnerability in Security Management System 2024-03-04 at 15:47 By Ionut Arghire A high-severity vulnerability in HikCentral Professional could lead to unauthorized access to certain URLs. The post Hikvision Patches High-Severity Vulnerability in Security Management System appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Hikvision Patches High-Severity Vulnerability in Security Management System Read More »

Meta Patches Facebook Account Takeover Vulnerability

Facebook, Vulnerabilities, vulnerability /

Meta Patches Facebook Account Takeover Vulnerability 2024-02-29 at 16:34 By Eduard Kovacs Meta has patched a critical vulnerability that could have been exploited to take over any Facebook account via a brute-force attack. The post Meta Patches Facebook Account Takeover Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Meta Patches Facebook Account Takeover Vulnerability Read More »

Cisco Patches High-Severity Vulnerabilities in Data Center OS

Cisco, Vulnerabilities, vulnerability /

Cisco Patches High-Severity Vulnerabilities in Data Center OS 2024-02-29 at 15:01 By Ionut Arghire Cisco’s semiannual FXOS and NX-OS security advisory bundle resolves two high- and two medium-severity vulnerabilities. The post Cisco Patches High-Severity Vulnerabilities in Data Center OS appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

Cisco Patches High-Severity Vulnerabilities in Data Center OS Read More »

ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708)

ConnectWise, Don't miss, enterprise, exploit, Hot stuff, Huntress, Malware, Mandiant, News, Ransomware, remote access, remote management, Sophos, vulnerability /

ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708) 2024-02-26 at 13:36 By Zeljka Zorz The recently patched vulnerabilities (CVE-2024-1709, CVE-2024-1708) in ConnectWise ScreenConnect software are being exploited by numerous attackers to deliver a variety of malicious payloads. About ConnectWise ScreenConnect ConnectWise ScreenConnect is a remote desktop solution consisting of server and client

React to this headline:

Loading spinner

ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708) Read More »

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708)

ConnectWise, Don't miss, exploit, Hot stuff, Huntress, MSP, News, Palo Alto Networks, PoC, remote access, remote management, Shadowserver, vulnerability, WatchTowr /

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708) 2024-02-22 at 12:31 By Zeljka Zorz The two ScreenConnect vulnerabilities ConnectWise has recently urged customers to patch have finally been assigned CVE numbers: CVE-2024-1709 for the authentication bypass, CVE-2024-1708 for the path traversal flaw. ConnectWise has also released a newer version of ScreenConnect

React to this headline:

Loading spinner

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708) Read More »

Scroll to Top