vulnerability

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)

backdoor, CISA, CVE, Debian, Don't miss, Fedora, Hot stuff, Linux, News, open source, Red Hat, SUSE, vulnerability /

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) 2024-03-29 at 20:31 By Zeljka Zorz A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,” Red Hat warns. […]

React to this headline:

Loading spinner

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) Read More »

26 Security Issues Patched in TeamCity

TeamCity, Vulnerabilities, vulnerability /

26 Security Issues Patched in TeamCity 2024-03-29 at 13:17 By Eduard Kovacs JetBrains patches 26 security issues in TeamCity and takes steps to avoid malicious exploitation of vulnerabilities. The post 26 Security Issues Patched in TeamCity appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this

React to this headline:

Loading spinner

26 Security Issues Patched in TeamCity Read More »

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)

CISA, Don't miss, enterprise, Government, Hot stuff, News, Synopsys, vulnerability /

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) 2024-03-28 at 12:32 By Zeljka Zorz The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV catalog and is demanding that

React to this headline:

Loading spinner

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) Read More »

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)

Anyscale, authentication, Bishop Fox, Don't miss, enterprise, Hot stuff, machine learning, News, Oligo Security, vulnerability /

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022) 2024-03-27 at 13:16 By Zeljka Zorz Attackers are leveraging a vulnerability (CVE-2023-48022) in Anyscale’s Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells. “To our knowledge, the attack started 7 months ago,” Avi Lumelsky, a researcher at Oligo

React to this headline:

Loading spinner

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022) Read More »

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns

BSI, Don't miss, enterprise, Germany, Hot stuff, Microsoft Exchange, News, Shadowserver, vulnerability /

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns 2024-03-26 at 15:31 By Zeljka Zorz Around 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions “are so outdated that security updates are no longer offered for them,” the German Federal Office

React to this headline:

Loading spinner

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns Read More »

ParaSwap begins returning crypto after critical smart contract bug

DeFi, hack, ParaSwap, revoke, smart contract, vulnerability /

ParaSwap begins returning crypto after critical smart contract bug 2024-03-25 at 06:01 By Cointelegraph by Martin Young ParaSwap has now returned assets to wallets that have revoked their permissions to the AugustusV6 smart contract, which was found to have a critical vulnerability last week. This article is an excerpt from Cointelegraph.com News View Original Source

React to this headline:

Loading spinner

ParaSwap begins returning crypto after critical smart contract bug Read More »

Microsoft Patches Xbox Vulnerability Following Public Disclosure

Microsoft, Vulnerabilities, vulnerability, Xbox /

Microsoft Patches Xbox Vulnerability Following Public Disclosure 2024-03-21 at 15:46 By Eduard Kovacs Microsoft patches Xbox Gaming Services vulnerability CVE-2024-28916 after initially saying it was not a security issue. The post Microsoft Patches Xbox Vulnerability Following Public Disclosure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Microsoft Patches Xbox Vulnerability Following Public Disclosure Read More »

Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware

Don't miss, exploit, Hot stuff, JetBrains, Malware, News, Ransomware, Remote Access Trojan, Trend Micro, vulnerability /

Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware 2024-03-21 at 12:01 By Helga Labus Attackers are exploiting the recently patched JetBrains TeamCity auth bypass vulnerability (CVE-2024-27198) to deliver ransomware, cryptominers and remote access trojans (RATs), according to Trend Micro researchers. The CVE-2024-27198 timeline CVE-2024-27198, an authentication bypass vulnerability affecting the TeamCity

React to this headline:

Loading spinner

Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware Read More »

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724)

Don't miss, enterprise, Hot stuff, Ivanti, NATO, News, security update, vulnerability /

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) 2024-03-20 at 21:01 By Zeljka Zorz Ivanti has fixed a critical RCE vulnerability (CVE-2023-41724) in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre. Though the company is not aware of customers being compromised via the flaw, it “strongly

React to this headline:

Loading spinner

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) Read More »

Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server

Atlassian, Vulnerabilities, vulnerability /

Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server 2024-03-20 at 16:46 By Ionut Arghire Atlassian releases patches for two dozen vulnerabilities, including a critical-severity bug in Bamboo Data Center and Server. The post Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Atlassian Patches Critical Vulnerability in Bamboo Data Center and Server Read More »

Chrome 123, Firefox 124 Patch Serious Vulnerabilities

Chrome, Firefox, Vulnerabilities, vulnerability /

Chrome 123, Firefox 124 Patch Serious Vulnerabilities 2024-03-20 at 15:01 By Ionut Arghire Chrome and Firefox security updates released on Tuesday resolve a critical-severity and multiple high-severity vulnerabilities. The post Chrome 123, Firefox 124 Patch Serious Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to

React to this headline:

Loading spinner

Chrome 123, Firefox 124 Patch Serious Vulnerabilities Read More »

NIST’s NVD has encountered a problem

Chainguard, Don't miss, enterprise, Hot stuff, News, NIST, Qualys, Rapid7, vulnerability, vulnerability management /

NIST’s NVD has encountered a problem 2024-03-19 at 15:47 By Zeljka Zorz Whether the cause is insurmountable technical debt, lack of funds, a third reason or all of them, NIST’s National Vulnerability Database (NVD) is struggling, and it’s affecting vulnerability management efforts. What happened? Anyone who regularly uses the NVD as a source of information

React to this headline:

Loading spinner

NIST’s NVD has encountered a problem Read More »

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153)

Don't miss, exploit, Fortra, Hot stuff, News, PoC, security update, vulnerability /

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) 2024-03-19 at 14:01 By Helga Labus Proof-of-concept (PoC) exploit code for a critical RCE vulnerability (CVE-2024-25153) in Fortra FileCatalyst MFT solution has been published. About CVE-2024-25153 Fortra FileCatalyst is an enterprise managed file transfer (MFT) software solution that includes several components: FileCatalyst Direct, Workflow, and

React to this headline:

Loading spinner

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) Read More »

Pentagon Received Over 50,000 Vulnerability Reports Since 2016

bug bounty program, Pentagon, Vulnerabilities, vulnerability /

Pentagon Received Over 50,000 Vulnerability Reports Since 2016 2024-03-18 at 15:17 By Ionut Arghire Since 2016, the US DoD has received over 50,000 submissions through its vulnerability disclosure program. The post Pentagon Received Over 50,000 Vulnerability Reports Since 2016 appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

Pentagon Received Over 50,000 Vulnerability Reports Since 2016 Read More »

PoC Published for Critical Fortra Code Execution Vulnerability

Fortra, Vulnerabilities, vulnerability /

PoC Published for Critical Fortra Code Execution Vulnerability 2024-03-18 at 13:46 By Ionut Arghire A critical directory traversal vulnerability in Fortra FileCatalyst Workflow could lead to remote code execution. The post PoC Published for Critical Fortra Code Execution Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

PoC Published for Critical Fortra Code Execution Vulnerability Read More »

CGSI Probes: ShadowSyndicate Group’s Possible Exploitation of Aiohttp Vulnerability (CVE-2024-23334) 

exploit, vulnerability /

CGSI Probes: ShadowSyndicate Group’s Possible Exploitation of Aiohttp Vulnerability (CVE-2024-23334)  2024-03-15 at 11:01 By neetha871ad236bd CGSI captures potential exploitation of an Aiohttp vulnerability by the ShadowSyndicate Group. The post CGSI Probes: ShadowSyndicate Group’s Possible Exploitation of Aiohttp Vulnerability (CVE-2024-23334)  appeared first on Cyble. This article is an excerpt from Cyble View Original Source React to

React to this headline:

Loading spinner

CGSI Probes: ShadowSyndicate Group’s Possible Exploitation of Aiohttp Vulnerability (CVE-2024-23334)  Read More »

Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788)

Don't miss, endpoint management, Fortinet, Horizon3.ai, Hot stuff, News, PoC, SANS ISC, vulnerability /

Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) 2024-03-14 at 16:36 By Zeljka Zorz A recently fixed SQL injection vulnerability (CVE-2023-48788) in Fortinet’s FortiClient Endpoint Management Server (EMS) solution has apparently piqued the interest of many: Horizon3’s Attack Team means to publish technical details and a proof-of-concept exploit for it next week, and

React to this headline:

Loading spinner

Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) Read More »

BSAM: Open-source methodology for Bluetooth security assessment

Bluetooth, Bluetooth Low Energy, consumer, Don't miss, enterprise, Hot stuff, News, security auditing, SMBs, Tarlogic, vulnerability, wireless /

BSAM: Open-source methodology for Bluetooth security assessment 2024-03-13 at 08:39 By Zeljka Zorz Many wireless headsets using Bluetooth technology have vulnerabilities that may allow malicious individuals to covertly listen in on private conversations, Tarlogic Security researchers have demonstrated last week at RootedCON in Madrid. “Many of the examples presented during the conference were real tests

React to this headline:

Loading spinner

BSAM: Open-source methodology for Bluetooth security assessment Read More »

Exploited Building Access System Vulnerability Patched 5 Years After Disclosure

building, exploited, Featured, ICS/OT, IoT Security, vulnerability /

Exploited Building Access System Vulnerability Patched 5 Years After Disclosure 2024-03-12 at 13:18 By Eduard Kovacs Vulnerabilities affecting a Nice Linear physical access product, including an exploited flaw, patched five years after their disclosure. The post Exploited Building Access System Vulnerability Patched 5 Years After Disclosure appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Exploited Building Access System Vulnerability Patched 5 Years After Disclosure Read More »

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware

backdoor, Check Point, Don't miss, exploit, Hot stuff, Linux, Malware, News, vulnerability, Windows /

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware 2024-03-12 at 11:01 By Helga Labus A financially motivated threat actor is using known vulnerabilities to target public-facing services and deliver custom malware to unpatched Windows and Linux systems. Among the exploited vulnerabilities are also two recently discovered Ivanti Connect Secure VPN flaws that are widely

React to this headline:

Loading spinner

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware Read More »

Scroll to Top