vulnerability

SonicWall Patches Critical SonicOS Vulnerability 

2024-08-26 at 16:16, by Eduard Kovacs

SonicWall has patched CVE-2024-40766, a critical SonicOS vulnerability that can lead to unauthorized access or a firewall crash. The post SonicWall Patches Critical SonicOS Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed


The SAML Exploit That Could Take Down GitHub: What You Need to Know About CVE-2024-6800 

2024-08-26 at 13:35, by Cyble

Cyble Research & Intelligence Labs’ (CRIL) Weekly Vulnerability Intelligence Report has recently revealed critical flaws with the potential to impact major technology platforms. Among the most concerning is a security issue affecting


Weekly IT Vulnerability Report for August 20, 2024: Urgent Fixes Recommended for GitHub, PHP, Windows, and SAP 

2024-08-26 at 13:35, by Cyble

Cyble Research and Intelligence Labs (CRIL) researchers investigated 12 vulnerabilities from August 14 to August 20, ranging in severity from medium to critical. CRIL researchers also observed five instances of


Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)

2024-08-23 at 13:31, by Zeljka Zorz

A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw (CVE-2024-28987) in the company’s IT help desk solution has been pushed out. CVE-2024-28987 stems from


China-Linked ‘Velvet Ant’ Hackers Exploited Zero-Day to Deploy Malware on Cisco Nexus Switches

2024-08-22 at 20:03, by Kevin Townsend

Hackers gained access to the switch using valid administrator credentials, and then ‘jailbroke’ from the application level into the OS level. The post China-Linked ‘Velvet Ant’ Hackers Exploited Zero-Day to Deploy Malware on Cisco Nexus Switches


Comprehensive Analysis of Critical Vulnerabilities in Atlassian Products

2024-08-22 at 18:31, by Cyble

CERT-In has added multiple critical Atlassian vulnerabilities to its catalog following the disclosure by the organization in its August 2024 Security Bulletin. These vulnerabilities target a range of Atlassian products, including Bamboo, Confluence, and more. This analysis aims to


Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)

2024-08-22 at 15:31, by Zeljka Zorz

A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents. The issue, reported via the GitHub Bug Bounty program, has been addressed and administrators are


Microsoft Copilot Studio Vulnerability Led to Information Disclosure

2024-08-21 at 16:01, by Ionut Arghire

A vulnerability in Microsoft Copilot Studio exposed information on internal services shared among tenants, potentially impacting multiple customers. The post Microsoft Copilot Studio Vulnerability Led to Information Disclosure appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed


Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover

2024-08-20 at 18:16, by Ionut Arghire

A critical vulnerability in the GiveWP WordPress plugin could be exploited for remote code execution and arbitrary file deletion. The post Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover appeared first on SecurityWeek. This article


0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)

2024-08-20 at 16:01, by Zeljka Zorz

CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ computers, Gen Digital researchers have revealed. CVE-2024-38193 is a use-after-free


Cisco, Microsoft Disagree on Severity of macOS App Vulnerabilities 

2024-08-20 at 15:31, by Ionut Arghire

Multiple vulnerabilities in Microsoft applications for macOS could be exploited to send emails, leak sensitive information, and escalate privileges. The post Cisco, Microsoft Disagree on Severity of macOS App Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from


F5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX Plus

2024-08-20 at 14:16, by Ionut Arghire

F5’s latest quarterly security notification includes nine advisories, including four for high-severity vulnerabilities in BIG-IP and NGINX Plus. The post F5 Patches High-Severity Vulnerabilities in BIG-IP, NGINX Plus appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed


Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera

2024-08-20 at 13:46, by Zeljka Zorz

Vulnerabilities in popular Microsoft apps for macOS can be abused by attackers to record video and audio clips, take pictures, access and exfiltrate data and send emails, Cisco Talos researchers have discovered. Library injection vulnerabilities in Microsoft


Stolen, locked payment cards can be used with digital wallet apps

2024-08-19 at 21:32, by Zeljka Zorz

Fraudsters can add stolen payment cards to digital wallet apps and continue making online purchases even after victims report the card stolen and the bank blocks it, computer engineers with University of Massachusetts Amherst and Pennsylvania State University


SolarWinds Issues Hotfix for Critical Web Help Desk Vulnerability

2024-08-15 at 16:32, by Ionut Arghire

SolarWinds has released a hotfix for a critical Java deserialization remote code execution vulnerability in Web Help Desk. The post SolarWinds Issues Hotfix for Critical Web Help Desk Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek


Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR

2024-08-15 at 15:04, by Eduard Kovacs

Palo Alto Networks has patched multiple vulnerabilities, including ones rated high severity, in several products. The post Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR appeared first on SecurityWeek. This article is an excerpt from


Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)

2024-08-15 at 14:45, by Zeljka Zorz

SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host machine. “While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce


GitHub Makes Copilot Autofix Generally Available

2024-08-15 at 12:16, by Ionut Arghire

GitHub has made AI-powered Copilot Autofix generally available to help developers fix code vulnerabilities faster. The post GitHub Makes Copilot Autofix Generally Available appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed


Fortinet, Zoom Patch Multiple Vulnerabilities

2024-08-14 at 15:46, by Eduard Kovacs

Fortinet and Zoom have released patches for multiple vulnerabilities in their products, including high-severity bugs. The post Fortinet, Zoom Patch Multiple Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed


Ivanti Patches Critical Vulnerabilities in Neurons for ITSM, Virtual Traffic Manager

2024-08-14 at 14:02, by Ionut Arghire

Ivanti has released patches for multiple vulnerabilities in Neurons for ITSM, Avalanche, and Virtual Traffic Manager, including critical bugs. The post Ivanti Patches Critical Vulnerabilities in Neurons for ITSM, Virtual Traffic Manager appeared first on SecurityWeek. This article
