vulnerability

SolarWinds Issues Hotfix for Critical Web Help Desk Vulnerability

SolarWinds, Vulnerabilities, vulnerability /

SolarWinds Issues Hotfix for Critical Web Help Desk Vulnerability 2024-08-15 at 16:32 By Ionut Arghire SolarWinds has released a hotfix for a critical Java deserialization remote code execution vulnerability in Web Help Desk. The post SolarWinds Issues Hotfix for Critical Web Help Desk Vulnerability appeared first on SecurityWeek. This article is an excerpt from SecurityWeek […]

React to this headline:

Loading spinner

SolarWinds Issues Hotfix for Critical Web Help Desk Vulnerability Read More »

Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR

Palo Alto Networks, Vulnerabilities, vulnerability /

Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR 2024-08-15 at 15:04 By Eduard Kovacs Palo Alto Networks has patched multiple vulnerabilities, including ones rated high severity, in several products. The post Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR Read More »

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)

CVE, Don't miss, enterprise, Hot stuff, Java, MSP, News, SMBs, vulnerability /

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986) 2024-08-15 at 14:45 By Zeljka Zorz SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host machine. “While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce

React to this headline:

Loading spinner

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986) Read More »

GitHub Makes Copilot Autofix Generally Available

Application Security, Copilot, GitHub, vulnerability /

GitHub Makes Copilot Autofix Generally Available 2024-08-15 at 12:16 By Ionut Arghire GitHub has made AI-powered Copilot Autofix generally available to help developers fix code vulnerabilities faster. The post GitHub Makes Copilot Autofix Generally Available appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this headline:

React to this headline:

Loading spinner

GitHub Makes Copilot Autofix Generally Available Read More »

Fortinet, Zoom Patch Multiple Vulnerabilities

Fortinet, Vulnerabilities, vulnerability, Zoom /

Fortinet, Zoom Patch Multiple Vulnerabilities 2024-08-14 at 15:46 By Eduard Kovacs Fortinet and Zoom have released patches for multiple vulnerabilities in their products, including high-severity bugs. The post Fortinet, Zoom Patch Multiple Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this headline:

React to this headline:

Loading spinner

Fortinet, Zoom Patch Multiple Vulnerabilities Read More »

Ivanti Patches Critical Vulnerabilities in Neurons for ITSM, Virtual Traffic Manager

Ivanti, Vulnerabilities, vulnerability /

Ivanti Patches Critical Vulnerabilities in Neurons for ITSM, Virtual Traffic Manager 2024-08-14 at 14:02 By Ionut Arghire Ivanti has released patches for multiple vulnerabilities in Neurons for ITSM, Avalanche, and Virtual Traffic Manager, including critical bugs. The post Ivanti Patches Critical Vulnerabilities in Neurons for ITSM, Virtual Traffic Manager appeared first on SecurityWeek. This article

React to this headline:

Loading spinner

Ivanti Patches Critical Vulnerabilities in Neurons for ITSM, Virtual Traffic Manager Read More »

SAP Patches Critical Vulnerabilities in BusinessObjects, Build Apps

SAP, Vulnerabilities, vulnerability /

SAP Patches Critical Vulnerabilities in BusinessObjects, Build Apps 2024-08-13 at 18:46 By Ionut Arghire SAP has released 25 security notes on August 2024 Security Patch Day, including for critical vulnerabilities in BusinessObjects and Build Apps. The post SAP Patches Critical Vulnerabilities in BusinessObjects, Build Apps appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

SAP Patches Critical Vulnerabilities in BusinessObjects, Build Apps Read More »

Several Vulnerabilities Found in Google’s Quick Share Data Transfer Utility

Vulnerabilities, vulnerability /

Several Vulnerabilities Found in Google’s Quick Share Data Transfer Utility 2024-08-12 at 19:01 By Ionut Arghire SafeBreach identified 10 vulnerabilities in Google Quick Share and devised a remote code execution chain targeting the file sharing utility for Windows. The post Several Vulnerabilities Found in Google’s Quick Share Data Transfer Utility appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Several Vulnerabilities Found in Google’s Quick Share Data Transfer Utility Read More »

Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218)

1Password, CVE, Don't miss, Hot stuff, macOS, News, password manager, passwords, security assessment, vulnerability /

Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218) 2024-08-09 at 15:31 By Zeljka Zorz Two vulnerabilities (CVE-2024-42219, CVE-2024-42218) affecting the macOS version of the popular 1Password password manager could allow malware to steal secrets stored in the software’s vaults and obtain the account unlock key, AgileBits has confirmed. Discovered by the

React to this headline:

Loading spinner

Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218) Read More »

“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox

0-day, Chrome, Don't miss, Firefox, Hot stuff, Linux, macOS, News, Oligo Security, Safari, vulnerability /

“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox 2024-08-09 at 13:01 By Zeljka Zorz A “0.0.0.0-Day” vulnerability affecting Chrome, Safari and Firefox can be – and has been – exploited by attackers to gain access to services on internal networks, Oligo Security researchers have revealed. The vulnerability stems from how those popular browsers handle network requests

React to this headline:

Loading spinner

“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox Read More »

Vulnerability Allowed Eavesdropping via Sonos Smart Speakers

eavesdrop, IoT Security, Sonos, vulnerability /

Vulnerability Allowed Eavesdropping via Sonos Smart Speakers 2024-08-09 at 12:16 By Eduard Kovacs Sonos has patched vulnerabilities in its smart speakers, including a serious flaw that could have been exploited to eavesdrop on users. The post Vulnerability Allowed Eavesdropping via Sonos Smart Speakers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Vulnerability Allowed Eavesdropping via Sonos Smart Speakers Read More »

Vulnerabilities Exposed Widely Used Solar Power Systems to Hacking, Disruption

ICS, ICS/OT, IoT Security, power, Vulnerabilities, vulnerability /

Vulnerabilities Exposed Widely Used Solar Power Systems to Hacking, Disruption 2024-08-08 at 16:16 By Eduard Kovacs Vulnerabilities found in solar power systems could have been exploited by hackers to cause disruption and possibly blackouts. The post Vulnerabilities Exposed Widely Used Solar Power Systems to Hacking, Disruption appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Vulnerabilities Exposed Widely Used Solar Power Systems to Hacking, Disruption Read More »

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days

0-day, attack, Don't miss, Hot stuff, News, research, SafeBreach, vulnerability, Windows, Windows Server /

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days 2024-08-08 at 13:01 By Zeljka Zorz A researcher has developed a downgrade attack that can make Windows machines covertly, persistently and irreversibly vulnerable, even if they were fully patched before that. A downgrade attack exploiting the Windows Update process The direction of SafeBreach researcher Alon Leviev’s

React to this headline:

Loading spinner

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days Read More »

Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008)

CVE, Don't miss, email security, Hot stuff, News, Roundcube, security update, SonarSource, vulnerability /

Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008) 2024-08-07 at 12:01 By Zeljka Zorz Two cross-site scripting vulnerabilities (CVE-2024-42009, CVE-2024-42008) affecting Roundcube could be exploited by attackers to steal users’ emails and contacts, email password, and send emails from their account. About the vulnerabilities Roundcube is an open-source webmail software solution popular with European

React to this headline:

Loading spinner

Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008) Read More »

Chrome, Firefox Updates Patch Serious Vulnerabilities 

Chrome, Firefox, Vulnerabilities, vulnerability /

Chrome, Firefox Updates Patch Serious Vulnerabilities  2024-08-07 at 11:31 By Eduard Kovacs A Chrome 127 update patches five vulnerabilities, and Firefox 129 addresses over a dozen security holes. The post Chrome, Firefox Updates Patch Serious Vulnerabilities  appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this

React to this headline:

Loading spinner

Chrome, Firefox Updates Patch Serious Vulnerabilities  Read More »

Researchers unearth MotW bypass technique used by threat actors for years

Don't miss, Elastic, Features, malware detection, Microsoft, News, security controls, vulnerability, Windows /

Researchers unearth MotW bypass technique used by threat actors for years 2024-08-06 at 14:31 By Zeljka Zorz Threat actors have been abusing a bug in how Windows handles LNK files with non-standard target paths and internal structures to prevent in-built protections from stopping malicious payloads and trick users into running them. “We identified multiple samples

React to this headline:

Loading spinner

Researchers unearth MotW bypass technique used by threat actors for years Read More »

Google Patches Android Zero-Day Exploited in Targeted Attacks

Android, exploited, Featured, Vulnerabilities, vulnerability, Zero-Day /

Google Patches Android Zero-Day Exploited in Targeted Attacks 2024-08-06 at 11:01 By Eduard Kovacs Google has patched CVE-2024-36971, a high-severity kernel zero-day vulnerability in Android that has been exploited in targeted attacks.  The post Google Patches Android Zero-Day Exploited in Targeted Attacks appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

Google Patches Android Zero-Day Exploited in Targeted Attacks Read More »

From Weaponization to Victimization: Fallout from the ServiceNow Vulnerability

vulnerability /

From Weaponization to Victimization: Fallout from the ServiceNow Vulnerability 2024-08-06 at 10:16 By Cyble Threat Actors capitalize on ServiceNow vulnerability  ServiceNow is a cloud-based platform that provides enterprise service management (ESM) software. It is designed to help organizations manage digital workflows for enterprise operations.   ServiceNow offers a range of solutions, including IT Service Management (ITSM),

React to this headline:

Loading spinner

From Weaponization to Victimization: Fallout from the ServiceNow Vulnerability Read More »

From Weaponization to Victimization: Fallout from ServiceNow Vulnerability

vulnerability /

From Weaponization to Victimization: Fallout from ServiceNow Vulnerability 2024-08-06 at 10:01 By Cyble Threat Actors capitalize on ServiceNow vulnerability  ServiceNow is a cloud-based platform that provides enterprise service management (ESM) software. It is designed to help organizations manage digital workflows for enterprise operations.   ServiceNow offers a range of solutions, including IT Service Management (ITSM), IT

React to this headline:

Loading spinner

From Weaponization to Victimization: Fallout from ServiceNow Vulnerability Read More »

Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856)

Apache OFBiz, CVE, Don't miss, enterprise, Hot stuff, News, open source, SonicWall, vulnerability /

Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) 2024-08-05 at 16:47 By Zeljka Zorz CVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthenticated attackers to execute arbitrary code on vulnerable systems. About CVE-2024-38856 Apache OFBiz is an open-source framework for enterprise resource

React to this headline:

Loading spinner

Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) Read More »

Scroll to Top