vulnerability

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)

access point, Cisco, Don't miss, enterprise, Hot stuff, News, security update, SMBs, VPN, vulnerability /

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337) 2024-03-08 at 13:03 By Zeljka Zorz Cisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which (CVE-2024-20337) could be exploited by unauthenticated, remote attackers to grab users’ valid SAML authentication token. “The attacker […]

React to this headline:

Loading spinner

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337) Read More »

VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation

Don't miss, Hot stuff, News, sandbox, security update, VMWare, vulnerability /

VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation 2024-03-07 at 15:07 By Helga Labus VMware has fixed four vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255) in ESXi, Workstation, Fusion and Cloud Foundation, some of which could allow attackers to escape the sandbox and execute code on the host machine. About the vulnerabilities VMware ESXi

React to this headline:

Loading spinner

VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation Read More »

JetBrains TeamCity Authentication Bypass vulnerability under Active Exploitation

exploit, vulnerability /

JetBrains TeamCity Authentication Bypass vulnerability under Active Exploitation 2024-03-07 at 12:25 By neetha871ad236bd Cyble Global Sensor Intelligence observes active exploitation of JetBrains TeamCity Authentication Bypass vulnerability. The post JetBrains TeamCity Authentication Bypass vulnerability under Active Exploitation appeared first on Cyble. This article is an excerpt from Cyble View Original Source React to this headline:

React to this headline:

Loading spinner

JetBrains TeamCity Authentication Bypass vulnerability under Active Exploitation Read More »

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199)

continuous integration, DevOps, Don't miss, Hot stuff, JetBrains, News, Rapid7, security update, software development, vulnerability /

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) 2024-03-04 at 18:07 By Zeljka Zorz JetBrains has fixed two critical security vulnerabilities (CVE-2024-27198, CVE-2024-27199) affecting TeamCity On-Premises and is urging customers to patch them immediately. “Rapid7 originally identified and reported these vulnerabilities to us and has chosen to adhere

React to this headline:

Loading spinner

Critical vulnerabilities in TeamCity JetBrains fixed, release of technical details imminent, patch quickly! (CVE-2024-27198, CVE-2024-27199) Read More »

Hikvision Patches High-Severity Vulnerability in Security Management System

Hikvision, IoT Security, Vulnerabilities, vulnerability /

Hikvision Patches High-Severity Vulnerability in Security Management System 2024-03-04 at 15:47 By Ionut Arghire A high-severity vulnerability in HikCentral Professional could lead to unauthorized access to certain URLs. The post Hikvision Patches High-Severity Vulnerability in Security Management System appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Hikvision Patches High-Severity Vulnerability in Security Management System Read More »

Meta Patches Facebook Account Takeover Vulnerability

Facebook, Vulnerabilities, vulnerability /

Meta Patches Facebook Account Takeover Vulnerability 2024-02-29 at 16:34 By Eduard Kovacs Meta has patched a critical vulnerability that could have been exploited to take over any Facebook account via a brute-force attack. The post Meta Patches Facebook Account Takeover Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Meta Patches Facebook Account Takeover Vulnerability Read More »

Cisco Patches High-Severity Vulnerabilities in Data Center OS

Cisco, Vulnerabilities, vulnerability /

Cisco Patches High-Severity Vulnerabilities in Data Center OS 2024-02-29 at 15:01 By Ionut Arghire Cisco’s semiannual FXOS and NX-OS security advisory bundle resolves two high- and two medium-severity vulnerabilities. The post Cisco Patches High-Severity Vulnerabilities in Data Center OS appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

React to this headline:

Loading spinner

Cisco Patches High-Severity Vulnerabilities in Data Center OS Read More »

ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708)

ConnectWise, Don't miss, enterprise, exploit, Hot stuff, Huntress, Malware, Mandiant, News, Ransomware, remote access, remote management, Sophos, vulnerability /

ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708) 2024-02-26 at 13:36 By Zeljka Zorz The recently patched vulnerabilities (CVE-2024-1709, CVE-2024-1708) in ConnectWise ScreenConnect software are being exploited by numerous attackers to deliver a variety of malicious payloads. About ConnectWise ScreenConnect ConnectWise ScreenConnect is a remote desktop solution consisting of server and client

React to this headline:

Loading spinner

ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708) Read More »

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708)

ConnectWise, Don't miss, exploit, Hot stuff, Huntress, MSP, News, Palo Alto Networks, PoC, remote access, remote management, Shadowserver, vulnerability, WatchTowr /

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708) 2024-02-22 at 12:31 By Zeljka Zorz The two ScreenConnect vulnerabilities ConnectWise has recently urged customers to patch have finally been assigned CVE numbers: CVE-2024-1709 for the authentication bypass, CVE-2024-1708 for the path traversal flaw. ConnectWise has also released a newer version of ScreenConnect

React to this headline:

Loading spinner

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708) Read More »

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250)

cloud computing, CVE, Don't miss, enterprise, Hot stuff, hybrid cloud, News, Pen Test Partners, virtualization, VMWare, vulnerability /

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) 2024-02-21 at 15:01 By Zeljka Zorz VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere, has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that could be exploited by attackers to mount authentication relay and session hijack attacks. The vulnerabilities haven’t been and won’t be fixed. Instead,

React to this headline:

Loading spinner

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) Read More »

Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities

Chrome, Firefox, Vulnerabilities, vulnerability /

Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities 2024-02-21 at 13:46 By Ionut Arghire Google and Mozilla resolve high-severity memory safety vulnerabilities with the latest Chrome and Firefox updates. The post Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to

React to this headline:

Loading spinner

Chrome 122, Firefox 123 Patch High-Severity Vulnerabilities Read More »

Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP!

ConnectWise, Don't miss, Hot stuff, MSP, News, remote access, remote management, security update, SMBs, vulnerability /

Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP! 2024-02-20 at 12:16 By Zeljka Zorz ConnectWise has fixed two vulnerabilities in ScreenConnect that could allow attackers to execute remote code or directly impact confidential data or critical systems. “There is no evidence that these vulnerabilities have been exploited in the wild, but immediate action must be taken

React to this headline:

Loading spinner

Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP! Read More »

RCE vulnerabilities fixed in SolarWinds enterprise solutions

access management, Don't miss, enterprise, Hot stuff, News, SolarWinds, vulnerability /

RCE vulnerabilities fixed in SolarWinds enterprise solutions 2024-02-19 at 07:01 By Zeljka Zorz SolarWinds has released updates for Access Rights Manager (ARM) and (Orion) Platform that fix vulnerabilities that could allow attackers to execute code on vulnerable installations. SolarWinds ARM flaws fixed SolarWinds, the company whose Orion IT administration platform has been infamously compromised in

React to this headline:

Loading spinner

RCE vulnerabilities fixed in SolarWinds enterprise solutions Read More »

Vulnerable Fortinet Devices: Low-hanging Fruit for Threat Actors

critical infrastructure, Cybercrime forums, exploit, Fortinet, ODIN, vulnerability /

Vulnerable Fortinet Devices: Low-hanging Fruit for Threat Actors 2024-02-16 at 08:46 By cybleinc Cyble analyzes the increasing incidences of vulnerabilities in Fortinet, highlighting the impact they have on Critical Infrastructure. The post Vulnerable Fortinet Devices: Low-hanging Fruit for Threat Actors appeared first on Cyble. This article is an excerpt from Cyble View Original Source React

React to this headline:

Loading spinner

Vulnerable Fortinet Devices: Low-hanging Fruit for Threat Actors Read More »

ESET Patches High-Severity Privilege Escalation Vulnerability

ESET, Vulnerabilities, vulnerability /

ESET Patches High-Severity Privilege Escalation Vulnerability 2024-02-15 at 17:02 By Ionut Arghire ESET has released patches for a high-severity elevation of privilege vulnerability in its Windows security products. The post ESET Patches High-Severity Privilege Escalation Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this

React to this headline:

Loading spinner

ESET Patches High-Severity Privilege Escalation Vulnerability Read More »

Zoom Patches Critical Vulnerability in Windows Applications

Vulnerabilities, vulnerability, Zoom /

Zoom Patches Critical Vulnerability in Windows Applications 2024-02-14 at 16:17 By Ionut Arghire Zoom patches seven vulnerabilities in its products, including a critical-severity bug in its Windows applications. The post Zoom Patches Critical Vulnerability in Windows Applications appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to

React to this headline:

Loading spinner

Zoom Patches Critical Vulnerability in Windows Applications Read More »

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358)

Don't miss, enterprise, Hot stuff, NAS, News, Palo Alto Networks, QNAP, Rapid7, security update, SMBs, vulnerability /

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358) 2024-02-14 at 12:46 By Zeljka Zorz QNAP Systems has patched two unauthenticated OS command injection vulnerabilities (CVE-2023-47218, CVE-2023-50358) in various versions of the operating systems embedded in the firmware of their popular network-attached storage (NAS) devices. About the vulnerabilities (CVE-2023-47218, CVE-2023-50358) Both vulnerabilities

React to this headline:

Loading spinner

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358) Read More »

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)

0-day, APT, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, MS Office, News, Tenable, Trend Micro, vulnerability /

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351) 2024-02-13 at 22:01 By Zeljka Zorz On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild. About CVE-2024-21412 and CVE-2024-21351 CVE-2024-21412 allows attackers to bypass the Microsoft Defender SmartScreen

React to this headline:

Loading spinner

Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351) Read More »

Attackers injected novel DSLog backdoor into 670 vulnerable Ivanti devices (CVE-2024-21893)

backdoor, Don't miss, exploit, Hot stuff, Ivanti, News, Orange Cyberdefense, vulnerability /

Attackers injected novel DSLog backdoor into 670 vulnerable Ivanti devices (CVE-2024-21893) 2024-02-13 at 13:01 By Helga Labus Hackers are actively exploiting a vulnerability (CVE-2024-21893) in Ivanti Connect Secure, Policy Secure and Neurons for ZTA to inject a “previously unknown and interesting backdoor” dubbed DSLog. CVE-2024-21893 patches and exploitation Ivanti disclosed CVE-2024-21893 – a server-side request

React to this headline:

Loading spinner

Attackers injected novel DSLog backdoor into 670 vulnerable Ivanti devices (CVE-2024-21893) Read More »

Roundcube webmail XSS vulnerability exploited by attackers (CVE-2023-43770)

CISA, Don't miss, Hot stuff, News, Roundcube, vulnerability /

Roundcube webmail XSS vulnerability exploited by attackers (CVE-2023-43770) 2024-02-13 at 11:46 By Zeljka Zorz CVE-2023-43770, a vulnerability in the Roundcube webmail software that has been fixed in September 2023, is being exploited by attackers in the wild, CISA has warned by adding the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-43770 Roundcube is

React to this headline:

Loading spinner

Roundcube webmail XSS vulnerability exploited by attackers (CVE-2023-43770) Read More »

Buy Me A Coffee
Thank you for visiting!